In nearly all of my PHP tutorials you’ll see me using the secure function to sanitise incoming user data from things like forms and $_GET parameters. It’s a small function, which no doubt a lot of you already have, but here it is anyway.
function secure($string) {
    // Remove any HTML/PHP tags from the raw input
    $string = strip_tags($string);
    // Convert the remaining special characters (&, <, >, ", ') to HTML entities
    $string = htmlspecialchars($string);
    // Drop leading and trailing whitespace
    $string = trim($string);
    // Undo any backslash-quoting (e.g. from magic_quotes) before escaping for the DB
    $string = stripslashes($string);
    // Escape for the legacy mysql extension; needs an open mysql_connect() link
    $string = mysql_real_escape_string($string);
    return $string;
}
As you can see, it basically sanitises the heck out of everything. Some people say it’s overkill, but you can use it in almost every situation where user data is incoming.
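As an added example (not code from the original post), the script below runs the same steps as secure(), minus the database-dependent mysql_real_escape_string() call, over a few constructed inputs so you can see what each step does to them. For contrast it also shows the per-sink approach: keep the raw value in storage, escape with htmlspecialchars() only when rendering HTML, and bind it as a parameter at the SQL boundary. The function names secure_steps, render_comment and insert_comment, the comments table, and the in-memory SQLite database standing in for MySQL are all this example’s own assumptions.

```php
<?php
// Added example, not part of the original post. Function and table names are
// assumptions made here; SQLite in memory stands in for a MySQL server.

// The first four steps of secure(), in the same order, recorded one by one so
// the effect of each can be inspected (mysql_real_escape_string() is omitted
// because it needs a live mysql_connect() link and is gone from PHP 7+).
function secure_steps(string $input): array {
    $steps = ['input' => $input];
    $steps['strip_tags']       = strip_tags($input);
    $steps['htmlspecialchars'] = htmlspecialchars($steps['strip_tags']);
    $steps['trim']             = trim($steps['htmlspecialchars']);
    $steps['stripslashes']     = stripslashes($steps['trim']);
    return $steps;
}

// Per-sink handling, part 1: escape at the HTML boundary, at output time.
function render_comment(string $raw): string {
    return '<p>' . htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Per-sink handling, part 2: bind the raw value at the SQL boundary, so the
// driver keeps data and query text separate and no manual escaping is needed.
function insert_comment(PDO $db, string $raw): int {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
    return (int) $db->lastInsertId();
}

// Constructed inputs: surrounding whitespace, a quote and a backslash,
// a script tag, and an already-encoded entity (which secure() double-encodes
// to &amp;amp; because htmlspecialchars() runs at input time).
$samples = [
    "  <b>hello</b> world  ",
    "O'Reilly \\ co",
    "<script>alert(1)</script>&amp;",
];

foreach ($samples as $s) {
    foreach (secure_steps($s) as $name => $value) {
        printf("%-16s %s\n", $name, var_export($value, true));
    }
    echo "\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$select = $db->prepare('SELECT body FROM comments WHERE id = :id');

foreach ($samples as $s) {
    $id = insert_comment($db, $s);
    $select->execute([':id' => $id]);
    $stored = $select->fetchColumn();
    // The stored value is byte-for-byte the input; escaping happens only on render.
    echo $id, ': stored=', var_export($stored, true), "\n";
    echo '   html=', render_comment($stored), "\n";
}
```

Run it with `php example.php` (PDO with the sqlite driver is part of a default PHP build). The first loop prints the sample after each of secure()’s steps; the second shows that with parameter binding plus output escaping the database holds the original text and the HTML still comes out encoded, which is the distinction the “overkill” argument is about.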
This isn’t Yet Another PHP Security blog post like you see on all the other websites. This one is aimed at people who run existing software such as SMF, Joomla and WordPress.
Some people using pre-made software think they are immune to hacking attempts. 4 days ago, a vulnerability was found in the latest version of the Coppermine Gallery software; after it was made public, hundreds of people got hit and their galleries were essentially destroyed. In fact there were 2 SQL injection vulnerabilities found within 5 days of each other. For something that has been in development since September 7th 2003, that’s pretty scary.
Now, if you ran a Coppermine Gallery, what measures could you take to make sure that your installation was safe? Even if you couldn’t patch it yourself, you could take it offline until a patch is released. The website securityfocus.com is a security and vulnerability website; people post the latest vulnerabilities in software there, for example one of the Coppermine vulns: http://www.securityfocus.com/bid/28767 . If you do a daily run of your blogs/forums, you could also go there and type in the version and software that you’re using to do a quick check. Social news websites such…