[OWASP_PHPSEC] use of extra parameter?

Abbas Naderi abiusx at owasp.org
Thu Aug 29 06:36:53 UTC 2013


It is correct, and it does detect reverses.
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Aug 29, 2013, at 3:40 AM, "Howell, Roger (Student)" <howelrtc at aston.ac.uk> wrote:

> I believe that length refers to the threshold length at which the function triggers a "detection".
> 
> For example, a length of 4 might permit "rabbit" (ab, length 2) and "definite" (def, length 3) but not permit "mnopoly" (mnop, length 4).
> 
> It is not immediately clear to me whether the code detects reverse-alphabetical sequences such as "federal" (fed). 
> 
> Kind regards,
> Roger
> 
> 
> 
> Minhaz A V <minhazav at gmail.com> wrote:
> 
> 
> I found this piece of code in user.php in auth library
> /**
> * To check if the string has ordered characters i.e. strings such as "abcd".
> * @param String $string
> * @param int $length
> * @return boolean
> */
> public static function hasOrderedCharacters($string, $length)
> {
> $length=(int)$length;
> $i = 0;
> $j = strlen($string);
> //Group all the characters into length 1, and calculate their ASCII value. If they are continous, then they contain ordered characters.
> $str = implode('', array_map(function($m) use (&$i, &$j)
> {
> return chr((ord($m[0]) + $j--) % 256) . chr((ord($m[0]) + $i++) % 256);
> }, str_split($string, 1)));
> return preg_match('#(.)(.\1){' . ($length - 1) . '}#', $str)==true;
> }
> ---------------------------------------------------
> Can you tell me whats this $length parameter exactly if not length of string??
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130829/dbe65fa4/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list