 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 436 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Sanitize Path for PHP-Nuke (Score: 1)
by Jeruvy on Sunday, November 02 @ 10:21:13 CET
(User Info | Send a Message) | If I may...it's trying to remove strings that look like directory traversals and pass simply a name as the example states. However I'm looking at that code and thinking....that isn't going to work.
Unfortunately I believe the solution is to understand what 'looks' like a proper request, and what 'isn't', and allow the 'looks' good to pass the sanitizer without being scrubbed. OF course this brings problems too...as someone could try to craft a tag that looks good and isn't, but if a clear standard for tags could be established it could reduce the potential for damage considerably.
|
| Parent | | | | | |
|