Insecure Form_validation rule "encode_php_tags"

Phil Sturgeon
At the moment, if I were to enter <?pHp, <?Php, <?phP, etc., then it would get through.

Current code:
Code:
function encode_php_tags($str)
{
    // Replaces each listed tag with its HTML-entity form (case-sensitive match).
    return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
}

Should be:

Code:
function encode_php_tags($str)
{
    // Same replacement using str_ireplace instead of str_replace.
    return str_ireplace(array('<?php', '<?', '?>'), array('&lt;?php', '&lt;?', '?&gt;'), $str);
}

str_ireplace is case-sensitive so all combinations of upper/lower-case will be matched.
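
A side-by-side check of the two versions quoted in the post above, as an added example that is not part of the original post or of CodeIgniter's code base: it runs both over constructed mixed-case inputs and reports whether a raw opening or closing PHP delimiter remains. The `_current`/`_proposed` function names, the helper `has_raw_php_delimiter` and the sample strings are assumptions made for the example.

```php
<?php
// Added example; the _current/_proposed names are hypothetical labels
// for the two versions quoted in the post.

function encode_php_tags_current($str)
{
    // Case-sensitive, entries applied in order on the running result.
    return str_replace(
        array('<?php', '<?PHP', '<?', '?>'),
        array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'),
        $str
    );
}

function encode_php_tags_proposed($str)
{
    // Case-insensitive match; a matched tag name is rewritten to the
    // lowercase replacement string.
    return str_ireplace(
        array('<?php', '<?', '?>'),
        array('&lt;?php', '&lt;?', '?&gt;'),
        $str
    );
}

// True if a raw PHP opening or closing delimiter survived encoding.
function has_raw_php_delimiter($str)
{
    return strpos($str, '<?') !== false || strpos($str, '?>') !== false;
}

// Constructed sample inputs: the case variants from the post, a short
// echo tag, and a string without tags.
$samples = array(
    '<?php echo 1; ?>', '<?PHP echo 1; ?>', '<?pHp echo 1; ?>',
    '<?Php echo 1; ?>', '<?phP echo 1; ?>', '<?= $x ?>', 'no tags here',
);

foreach ($samples as $input) {
    $cur = encode_php_tags_current($input);
    $new = encode_php_tags_proposed($input);
    // The two-character opening entry contains no letters, so it is
    // unaffected by case; the outputs can still differ in tag-name case.
    printf("input:    %s\n", $input);
    printf("current:  %s (raw delimiter left: %s)\n", $cur, has_raw_php_delimiter($cur) ? 'yes' : 'no');
    printf("proposed: %s (raw delimiter left: %s)\n\n", $new, has_raw_php_delimiter($new) ? 'yes' : 'no');
}
```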

