[OWASP_PHPSEC] use of extra parameter?

Howell, Roger (Student) howelrtc at aston.ac.uk
Wed Aug 28 23:40:16 UTC 2013


I believe that length refers to the threshold length at which the function triggers a "detection".

For example, a length of 4 might permit "rabbit" (ab, length 2) and "definite" (def, length 3) but not permit "mnopoly" (mnop, length 4).

It is not immediately clear to me whether the code detects reverse-alphabetical sequences such as "federal" (fed).

Kind regards,
Roger



Minhaz A V <minhazav at gmail.com> wrote:


I found this piece of code in user.php in auth library
/**
* To check if the string has ordered characters i.e. strings such as "abcd".
* @param String $string
* @param int $length
* @return boolean
*/
public static function hasOrderedCharacters($string, $length)
{
$length=(int)$length;
$i = 0;
$j = strlen($string);
//Group all the characters into length 1, and calculate their ASCII value. If they are continous, then they contain ordered characters.
$str = implode('', array_map(function($m) use (&$i, &$j)
{
return chr((ord($m[0]) + $j--) % 256) . chr((ord($m[0]) + $i++) % 256);
}, str_split($string, 1)));
return preg_match('#(.)(.\1){' . ($length - 1) . '}#', $str)==true;
}
---------------------------------------------------
Can you tell me whats this $length parameter exactly if not length of string??
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130828/e767f160/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list