Security in a web application boils down to always checking any
user-supplied input data.
Exploits
- readfile($filename)
- system($cmd)
- file uploads into document_root
- XSS - Cross Site Scripting hacks
Input Filter hook
PHP_MINIT_FUNCTION(my_input_filter)
{
    /* Install the filter at module init; PHP then calls it for every
       GET, POST and cookie variable before that variable is registered. */
    sapi_register_input_filter(my_sapi_input_filter);
    return SUCCESS;
}
For a complete example, see README.input_filter in the PHP 5 source distribution and pecl/filter.
For PHP 4, you will have to patch your source with http://lerdorf.com/php/input_filter.txt
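The callback that the hook above registers is not shown on the slide. The following is an added, stand-alone model of one (not code from PHP or from the talk): it keeps the PHP 5 callback shape but drops the TSRMLS_DC macro and builds without the PHP headers, the PARSE_* values are assumed to mirror php_variables.h, and the policy (strip tag delimiters, refuse oversized values) is a constructed illustration.

```c
#include <string.h>

/* Source of the variable; values assumed to match PHP's php_variables.h. */
#define PARSE_POST   0
#define PARSE_GET    1
#define PARSE_COOKIE 2

#define MAX_VAL_LEN 1024  /* refuse values longer than this */

/* Model of the PHP 5 input-filter callback (TSRMLS_DC omitted).
 * Returns 1 to let PHP register the variable, 0 to drop it.
 * Edits *val in place (only ever shrinking it) by removing '<' and '>',
 * and reports the new length through new_val_len. */
unsigned int my_sapi_input_filter(int arg, const char *var, char **val,
                                  unsigned int val_len,
                                  unsigned int *new_val_len)
{
    char *buf = *val;
    unsigned int in, out = 0;

    (void)var;                        /* name is not used by this policy */
    if (val_len > MAX_VAL_LEN)
        return 0;                     /* oversized: do not register */
    if (arg != PARSE_GET && arg != PARSE_POST && arg != PARSE_COOKIE)
        return 0;                     /* unknown source: be conservative */

    for (in = 0; in < val_len; in++) {
        char c = buf[in];
        if (c == '<' || c == '>')
            continue;                 /* strip tag delimiters */
        buf[out++] = c;
    }
    buf[out] = '\0';
    *new_val_len = out;
    return 1;
}

/* Helper for trying the filter on a constructed value: copies raw into
 * scratch (cap bytes), runs the filter, returns its verdict; the filtered
 * text is left in scratch and its length in len_out. */
unsigned int filter_into(char *scratch, size_t cap, int arg,
                         const char *var, const char *raw,
                         unsigned int *len_out)
{
    strncpy(scratch, raw, cap - 1);
    scratch[cap - 1] = '\0';
    return my_sapi_input_filter(arg, var, &scratch,
                                (unsigned int)strlen(scratch), len_out);
}
```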