Nytro Posted June 5, 2008

If I use it to secure all GET and POST variables and everything before output, can it be bypassed? Can SQLi, XSS ... be found?

```php
function secure($ce) {
    // addslashes: login bypass
    $secured = str_replace('"', '\"', $ce);
    $secured = str_replace("'", "\'", $secured);
    // Characters used in SQLi
    $secured = str_replace("-", "&#45;", $secured);
    $secured = str_replace("+", "&#43;", $secured);
    $secured = str_replace(",", "&#44;", $secured);
    $secured = str_replace(".", "&#46;", $secured);
    $secured = str_replace("(", "&#40;", $secured);
    $secured = str_replace(")", "&#41;", $secured);
    $secured = str_replace("*", "&#42;", $secured);
    // htmlentities: XSS, scripting
    $secured = str_replace("<", "&#60;", $secured);
    $secured = str_replace(">", "&#62;", $secured);
    // Hex: all of the above
    // (continues from $secured; the posted version started again from $ce
    // here, which silently discarded every replacement made above)
    $secured = str_replace("%22", '\"', $secured);
    $secured = str_replace("%27", "\'", $secured);
    $secured = str_replace("%2d", "&#45;", $secured);
    $secured = str_replace("%2b", "&#43;", $secured);
    $secured = str_replace("%2c", "&#44;", $secured);
    $secured = str_replace("%2e", "&#46;", $secured);
    $secured = str_replace("%28", "&#40;", $secured);
    $secured = str_replace("%29", "&#41;", $secured);
    $secured = str_replace("%2a", "&#42;", $secured);
    $secured = str_replace("%3c", "&#60;", $secured);
    $secured = str_replace("%3e", "&#62;", $secured);
    return $secured;
}
```

Sorry, I used the codes and phpBB turned them into characters. The function has no spaces in the codes (& # 45).
moubik Posted June 5, 2008

Something along these lines: http://rstcenter.com/forum/post48108.rst
Nytro (author) Posted June 5, 2008

> Something along these lines: http://rstcenter.com/forum/post48108.rst

You may well have problems:

```php
$filterMe = str_replace("#", "&#35", $filterMe);
$filterMe = str_replace("&", "&#38", $filterMe);
```

Have you tried the function? A ##&& should become: &#35 &#35 &#38 &#38

But after it replaces the first # with &#35 it will then replace the second one, the one inside &#35, and so on. I think. Either way you will have problems. Sorry, I didn't know about your post. And you forgot the ;
moubik Posted June 5, 2008

Yes, that version of the function is the first variant there. I think the correct way is to do the replacements differently, and all at the same time, i.e. on the whole string in a single pass.
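The order-dependence Nytro and moubik are describing, as an added example that is not code from this thread or from the linked post: it runs Nytro's "##&&" input through chained str_replace() calls and through a single-pass strtr(), with PHP's own htmlspecialchars() as the encoder for HTML output, and checks which results still decode back to the input. Assumes PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 7.

// Chained str_replace() calls, as in the function quoted in the thread:
// the second call also rewrites the '&' that the first call just inserted.
function escape_chained(string $s): string
{
    $s = str_replace('#', '&#35;', $s);
    $s = str_replace('&', '&#38;', $s);
    return $s;
}

// Single pass over the whole string: strtr() with an array never looks at
// text it has already replaced, so the order of the pairs does not matter.
function escape_single_pass(string $s): string
{
    return strtr($s, ['&' => '&#38;', '#' => '&#35;']);
}

// For HTML output the built-in encoder already works in one pass and
// covers the characters that matter in that context.
function for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Round-trip check: an escape that decodes back to its input lost nothing.
function round_trips(callable $escape, string $s): bool
{
    return html_entity_decode($escape($s), ENT_QUOTES | ENT_HTML5, 'UTF-8') === $s;
}

$input = '##&&';   // constructed input, taken from Nytro's post
printf("chained:     %s\n", escape_chained($input));
printf("single pass: %s\n", escape_single_pass($input));
printf("for html:    %s\n", for_html($input));

// The chained version corrupts its own output; the single-pass ones do not.
if (round_trips('escape_chained', $input)) {
    throw new RuntimeException('chained escape unexpectedly round-tripped');
}
if (!round_trips('escape_single_pass', $input) || !round_trips('for_html', $input)) {
    throw new RuntimeException('single-pass escape must round-trip');
}
```

For values that end up in SQL, the SQLi half of the question is answered by bound parameters in a prepared statement rather than by replacing characters, since entity encoding is an HTML-context transformation and says nothing about the SQL context.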