Re: Sanitize Path for PHP-Nuke (Score: 1) by Jeruvy on Sunday, November 02 @ 10:21:13 CET

If I may... it's trying to remove strings that look like directory traversals and pass simply a name as the example states. However, I'm looking at that code and thinking... that isn't going to work.

Unfortunately I believe the solution is to understand what 'looks' like a proper request, and what 'isn't', and allow the 'looks' good to pass the sanitizer without being scrubbed. Of course this brings problems too... as someone could try to craft a tag that looks good and isn't, but if a clear standard for tags could be established it could reduce the potential for damage considerably.
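The approach the comment above describes, checking input against a clear standard and rejecting what fails instead of scrubbing it, shown as an added example that is not part of the original post or of PHP-Nuke's code. The pattern, the function name `accept_name` and the list of known names are assumptions made for illustration; the second check addresses the comment's concern about input that looks good and isn't.

```php
<?php
// Added example with hypothetical names; not PHP-Nuke code.

// Assumed standard for a valid name: starts with a letter, then letters,
// digits, underscore or hyphen, 32 characters at most. \A and \z anchor the
// whole string, so a trailing newline does not slip past as it can with $.
const NAME_PATTERN = '/\A[A-Za-z][A-Za-z0-9_-]{0,31}\z/';

/**
 * Return the name unchanged if it is acceptable, or null if it is not.
 * Nothing is scrubbed or repaired: input that fails is rejected whole.
 */
function accept_name($input, array $known)
{
    if (!is_string($input)) {
        return null;                 // e.g. an array sent as name[]=...
    }
    if (preg_match(NAME_PATTERN, $input) !== 1) {
        return null;                 // does not look like a proper request
    }
    // Looks good, but is it real? Only names on the fixed list pass.
    if (!in_array($input, $known, true)) {
        return null;
    }
    return $input;
}

// Constructed sample data: the names the site actually serves.
$known = ['News', 'Forums', 'Web_Links'];

// Constructed sample requests: valid names, traversal-shaped strings,
// a trailing newline, a well-formed but unknown name, and a non-string.
$samples = ['News', 'Web_Links', '../../config', 'News/../admin',
            "News\n", 'Stats', ['News']];

foreach ($samples as $s) {
    $shown  = is_string($s) ? json_encode($s, JSON_UNESCAPED_SLASHES) : gettype($s);
    $result = accept_name($s, $known);
    printf("%-20s %s\n", $shown, $result === null ? 'rejected' : "accepted as $result");
}
```

Only `News` and `Web_Links` are accepted; `Stats` matches the pattern but is rejected because it is not on the list of known names.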