Re: Security check

On Wednesday 01 June 2005 22:33, you wrote:
>
> >    elseif(count($_POST)>0)
> >     foreach($_POST as $key=>$value)
> >      if( ($key!=='login') && ($key!=='name') && ($key!=='pass') )
> >       $hiddens.=<<<_hid_
> > <input type="hidden" name="$key" value="$value">\n\t
> > _hid_;
>
> But what happened here?  Why do you assume POST data is safe?

You're right, it isn't.  Thanks!

>
> >    if( (array_key_exists('savereferer',$_GET)) &&
> > ($_GET['savereferer']=='yes'))
> >    {safeReferer($ref,$chksum);
> >     $hiddens.=<<<_ref_
> > <input type="hidden" name="referer" value="$ref">\t
> > \t<input type="hidden" name="checksum" value="$chksum">
> > _ref_;
> >     }
>
> I don't see where $ref comes from.  I am assuming it somehow trickles
> down from HTTP_REFERER?  If so, did you clean it?

Here is the function safeReferer:
function safeReferer(&$referer, &$checksum, $default = PAGE_PAGESTORE)
{ # small piece of code to safely include referers in html code
  #+ get referer, save it in the form with a digest code with some noise
  #+ on request, verify by adding the noise to the referer and calculating
  #+ the digest code.
  #+ if it does not match, use standard page as referer

  # referer as reported by the client; '@' silences the notice when it is unset
  $referer = htmlspecialchars(urlencode(@ $_SERVER['HTTP_REFERER']));
  if ($referer == '')
    $referer = $default;
  $checksum = makeCheckSum($referer);

  # referer/checksum pair sent back by the form, if any
  $req_ref = $req_chk = null;
  if (!empty($_POST['referer']) && !empty($_POST['checksum']))
  {
    $req_ref = $_POST['referer'];
    $req_chk = $_POST['checksum'];
  }
  elseif (!empty($_GET['referer']) && !empty($_GET['checksum']))
  {
    # parameters passed urlencoded are automatically decoded by php!
    $req_ref = urlencode($_GET['referer']);
    $req_chk = $_GET['checksum'];
  }
  else
    makeCheckSum($referer); # result unused

  # accept the submitted referer only if its digest matches
  if (!is_null($req_ref))
  {
    if (makeCheckSum($req_ref) == $req_chk)
    {
      $referer = $req_ref;
      $checksum = $req_chk;
    }
    else
    {
      $referer = urlencode($default);
      $checksum = makeCheckSum($referer);
    }
  }
  return urldecode($referer);
}

function makeCheckSum($input)
{
  # digest of the referer plus a fixed secret "noise" string
  $noise = "+++some'(-546%noise#*";
  $checksum = sha1(md5("$input$noise"));
  return $checksum;
}


Thank you 

With kind regards


Andy
-- 
Registered Linux User Number 379093
--
Check out these few php utilities that I released
 under the GPL2 and that are meant for use with a 
 php cli binary:
 
 http://www.vlaamse-kern.com/sas/
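As an added example (not code from Andy's post or his utilities), here is a hardened variant of the referer round-trip discussed above: a keyed HMAC under a configured secret instead of sha1(md5($input.$noise)), a constant-time digest comparison instead of ==, and escaping applied where the value is written into HTML rather than when it is captured. The constant REFERER_SECRET, the array parameters standing in for $_SERVER and $_POST/$_GET, and the function names are assumptions made so the code runs offline.

```php
<?php
// Added example, not code from the original post. Hardened variant of the
// referer round-trip: hash_hmac with a configured secret instead of
// sha1(md5($input.$noise)), hash_equals instead of ==, and escaping done
// where the value is written into HTML rather than when it is captured.
// REFERER_SECRET is an assumed constant loaded from configuration.
const REFERER_SECRET = 'PLACEHOLDER-load-a-long-random-secret-from-config';
function refererMac(string $referer): string
{
    // keyed digest over exactly the string that goes into the form
    return hash_hmac('sha256', $referer, REFERER_SECRET);
}

// $server and $request stand in for $_SERVER and $_POST/$_GET so the
// function can be exercised offline. Returns [referer, mac].
function hardenedReferer(array $server, array $request, string $default): array
{
    $reqRef = (string) ($request['referer'] ?? '');
    $reqMac = (string) ($request['checksum'] ?? '');

    // a value the client sends back is trusted only if its MAC verifies
    if ($reqRef !== '' && hash_equals(refererMac($reqRef), $reqMac)) {
        return [$reqRef, $reqMac];
    }

    // first visit or failed verification: start from HTTP_REFERER, but only
    // accept a plain http(s) URL; anything else falls back to the default page
    $ref = (string) ($server['HTTP_REFERER'] ?? '');
    if (!preg_match('#\Ahttps?://[^\s"\'<>]+\z#i', $ref)) {
        $ref = $default;
    }
    return [$ref, refererMac($ref)];
}

// escape once, at output, whatever the stored string contains
function hiddenFields(string $ref, string $mac): string
{
    $eRef = htmlspecialchars($ref, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $eMac = htmlspecialchars($mac, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<input type=\"hidden\" name=\"referer\" value=\"$eRef\">\n"
         . "<input type=\"hidden\" name=\"checksum\" value=\"$eMac\">\n";
}
// constructed sample: a submitted referer with a checksum that does not
// verify is ignored, and HTTP_REFERER is used with a freshly computed MAC
[$ref, $mac] = hardenedReferer(
    ['HTTP_REFERER' => 'https://example.test/list?x=1'],
    ['referer' => 'https://other.example/', 'checksum' => 'stale-value'],
    '/index.php'
);
echo hiddenFields($ref, $mac);
```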
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php