| Router.php - preg_replace |
(11-08-2017, 05:33 AM)mkannan22 Wrote: The call to preg_replace may contain untrusted input. For example, the 2nd argument contains data from an environment variable that may be abused during an HTTP request from the variable val. Nonsense. There's zero environment variables involved, and both $key and $val are explicitly declared by the developer in config/routes.php. (11-08-2017, 05:33 AM)mkannan22 Wrote: This environment variable originated from earlier calls to is_https and module._list_process. Literally nothing in the code in question is affected by is_https(), and I don't know what module._list_process is, but it doesn't even sound related. (11-08-2017, 05:33 AM)mkannan22 Wrote: Here is a sample of what I am getting at here without writing a full PoC. Yes, if you use raw, unvalidated user input as your regular expression in preg_replace(), bad things will happen. Nothing like that is going on in CI_Router, and it certainly doesn't mean that every preg_replace() call should be assumed to be vulnerable code, which is basically what you're implying. |
| Messages In This Thread |
|
Router.php - preg_replace - by mkannan22 - 11-06-2017, 10:41 AM
RE: Router.php - preg_replace - by Narf - 11-07-2017, 03:46 AM
RE: Router.php - preg_replace - by mkannan22 - 11-07-2017, 10:08 AM
RE: Router.php - preg_replace - by Narf - 11-08-2017, 03:14 AM
RE: Router.php - preg_replace - by mkannan22 - 11-08-2017, 05:33 AM
RE: Router.php - preg_replace - by Narf - 11-08-2017, 06:17 AM
RE: Router.php - preg_replace - by dave friend - 11-07-2017, 07:49 PM
|
