The issue: Uninitialized variables can cause unexpected code segments to be executed.
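<?php
// $login is assigned only when the credentials check succeeds;
// on a failed check it is never initialized.
if (correct_user($_POST['user'], $_POST['password'])) {
    $login = true;
}
if ($login) {
    forward_to_secure_environment();
}
?>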
The solution: Initialize your variables
- Never trust ANY user input.
Common XSS example: The request below will open a JavaScript alert window with the text "XSS".
<form action="<?php echo $_SERVER['PHP_SELF']; ?>">
</form>
Request: http://example.com/tests/simple.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo
Variables containing user input: $_POST, $_GET, $_REQUEST, $_COOKIE, $_SERVER, ($_ENV)
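
Both fixes above in one script, as an added example that is not part of the original page: `$login` is initialized before the check, and `$_SERVER['PHP_SELF']` is encoded with `htmlspecialchars()` before it is echoed into the form. The body of `correct_user()`, the helper names `is_logged_in()` and `form_action()`, and the sample request values are constructed for illustration.

```php
<?php
// Added example. correct_user() is a stand-in for the page's function;
// the credential check and all sample values below are constructed.
function correct_user(string $user, string $password): bool
{
    // Placeholder so the script runs offline; a real application would
    // call password_verify() against a hash loaded from its user store.
    $demoHash = password_hash('demo-password', PASSWORD_DEFAULT);
    return $user === 'demo' && password_verify($password, $demoHash);
}

function is_logged_in(array $post): bool
{
    // Fix 1: initialize, so the value is defined when the check fails.
    $login = false;
    // Missing or non-string fields count as a failed login.
    $user = $post['user'] ?? null;
    $password = $post['password'] ?? null;
    if (is_string($user) && is_string($password)
        && correct_user($user, $password)) {
        $login = true;
    }
    return $login;
}

function form_action(array $server): string
{
    // Fix 2: PHP_SELF carries user-supplied path info, so encode it for
    // an HTML attribute context before it reaches the page.
    return htmlspecialchars($server['PHP_SELF'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed request data: PHP_SELF as PHP sees it (URL-decoded) for
// the request shown above.
$server = ['PHP_SELF' => '/tests/simple.php/"><script>alert(\'xss\')</script><foo'];

var_dump(is_logged_in(['user' => 'demo', 'password' => 'wrong'])); // wrong password
var_dump(is_logged_in(['user' => ['x']]));                         // non-string field
var_dump(is_logged_in(['user' => 'demo', 'password' => 'demo-password']));

// The quote and angle brackets arrive as entities, so the action
// attribute is not closed early and no script element is created.
echo '<form action="' . form_action($server) . '">', "\n", '</form>', "\n";
```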