[Esapi-php] Interactions between esapi-php and suhosin
Matteo Pasotti
matteo.pasotti at gmail.com
Wed Nov 17 10:04:43 EST 2010
Hi all,
I'm developing a project for my company with esapi-php and I can't
understand the reason for a problem that appears on machines with php
(centos) and that doesn't appear on machines with php+suhosin
(debian).
More precisely I'm using the SafeRequest filter class for handling
post/get data, in a way like this:
//------------------------ portion of code -----------------------------
public function getData($param,$validator='SafeString',$audit='Test_getData'){
    $value = $this->oSafeRequest->getParameter($param);
    if($this->oValidator->isValidInput($audit + $value, $value,
            $validator, 6000, true)){
        return $value;
    }
    return false;
}
....
$objRequest->getData('paramtest');
....
// where paramtest is, for example, passed using a simple anchor like this
<a href="index.php?paramtest=abc">blabla</a>
//-----------------------------------------------------------------------------
This piece of code works fine with php+suhosin; it doesn't work at all
with php only, it blocks everything :-(
The revision of esapi-php is 822.
I can't understand, as I said before, if it's my fault (mistakes in my
code?) or not.
Does anyone have any tips?
Kind Regards,
--
Matteo