A new project abounds…

Following a shout-out from a classmate, I’ve had a look at his Flash / PHP e-mail script.

While not being too bad a prospect, it didn’t work, sadly because of ini_set being used incorrectly: an “unexpected” encapsulated string was on line 10…

Unfortunately, he had also neglected to make use of PHP’s many built-in text-editing functions, particularly those that can help quash cross-site and injection attacks.

htmlspecialchars encodes the following characters in whatever text it is given:

  • Less-than and greater-than signs;
  • Ampersands (quite useful for encoding URLs, as recommended by PHP.net);
  • Single and double quote marks (as long as the correct parameter is set).

However, for a more blanketed approach, perhaps htmlentities would have been better…
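An added example (not from the original post or the classmate's script) showing which characters htmlspecialchars leaves unencoded under each quote flag, next to htmlentities. The sample string and the esc() and survivors() helpers are assumptions made for illustration.

```php
<?php
// Constructed sample input (not taken from the original script).
$input = "Tom & Zoë's <b>\"special\"</b> offer: £5";

// Hypothetical helper: pass flags and charset explicitly. The default flags
// changed in PHP 8.1 from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401,
// so the same bare call behaves differently on older and newer servers.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: list the HTML-significant characters still present raw.
// '&' is skipped because every entity in the encoded output starts with one.
function survivors(string $encoded): string
{
    $left = [];
    foreach (['<', '>', '"', "'"] as $c) {
        if (strpos($encoded, $c) !== false) {
            $left[] = $c;
        }
    }
    return $left ? implode(' ', $left) : 'none';
}

$variants = [
    'htmlspecialchars, ENT_NOQUOTES' => htmlspecialchars($input, ENT_NOQUOTES, 'UTF-8'),
    'htmlspecialchars, ENT_COMPAT'   => htmlspecialchars($input, ENT_COMPAT, 'UTF-8'),
    'htmlspecialchars, ENT_QUOTES'   => esc($input),
    'htmlentities, ENT_QUOTES'       => htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
];

foreach ($variants as $label => $out) {
    printf("%-31s raw left: %-5s %s\n", $label, survivors($out), $out);
}

// Where it matters: a single-quoted attribute. With ENT_COMPAT the apostrophe
// in the input would end the value early; esc() encodes it as &#039;.
printf("<input name='subject' value='%s'>\n", esc($input));
```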


About Nick

Professional bureaucrat, ex-KUSECWB, graduate & techie-monsta / computer-wrangler; at your service.

One response to “A new project abounds…”

  1. Nick says :

    Having found the marvellous PHPSec, I think their guide (with admittedly a much wider catchment) to the same subject is a very good read! Go find:
