[Owasp-leaders] [OWASP-wiki-editors] Wrong info PHP Token generators on OWASP wiki page

Jim Manico jim.manico at owasp.org
Thu May 19 01:17:23 UTC 2016


Forwarded to Matt Tesauro, thank you Johanna.
- Jim

On 5/18/16 3:39 PM, johanna curiel curiel wrote:
>
> This is the twit regarding insecure token generators on OWASP wiki:
> https://twitter.com/FreekPaans/status/724228053325484032
>
> I have replied asking the person to tell us whats wrong and I have
> added a label for review on the wiki
>
> A kind OWASP member have already sent me some info that seems to be wrong
> such as to change:
>
>   /<form(.*?)>(.*?)<\\/form>/is
> to
>  /<form([^>]*)>([^<]*)<\\/form>/is
>
> I'll check this further with other PHP folks
>
> regards
>
> Johanna
>
>
> On Wed, May 18, 2016 at 3:01 PM, johanna curiel curiel
> <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>
>     Someone on twitter posted that the info regarding the Token
>     generator described here is wrong
>     https://www.owasp.org/index.php/PHP_CSRF_Guard
>
>     @wikieditors: Could anyone confirm this and for the wiki editors,
>     flag page as incorrect or in need of a review ?
>
>     -- 
>     Johanna Curiel 
>     OWASP Volunteer
>
>
>
>
> -- 
> Johanna Curiel 
> OWASP Volunteer
>
>
> _______________________________________________
> OWASP-wiki-editors mailing list
> OWASP-wiki-editors at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160518/0e19eb2a/attachment.html>


More information about the OWASP-Leaders mailing list