[OWASP_PHPSEC] use of extra parameter?

Minhaz A V minhazav at gmail.com
Thu Aug 29 19:36:14 UTC 2013


got it thanks :)


On Thu, Aug 29, 2013 at 12:06 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> It is correct, and it does detect reverses.
> -Abbas
> ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
>
> On Aug 29, 2013, at 3:40 AM, "Howell, Roger (Student)" <
> howelrtc at aston.ac.uk> wrote:
>
> I believe that length refers to the threshold length at which the function
> triggers a "detection".
>
> For example, a length of 4 might permit "rabbit" (ab, length 2) and
> "definite" (def, length 3) but not permit "mnopoly" (mnop, length 4).
>
> It is not immediately clear to me whether the code detects
> reverse-alphabetical sequences such as "federal" (fed).
>
> Kind regards,
> Roger
>
>
>
> Minhaz A V <minhazav at gmail.com> wrote:
>
>
> *I found this piece of code in user.php in auth library*
> /**
> * To check if the string has ordered characters i.e. strings such as
> "abcd".
> * @param String $string
> * @param int $length
> * @return boolean
> */
> public static function hasOrderedCharacters($string, *$length*)
> {
> *$length=(int)$length;*
> $i = 0;
> $j = strlen($string);
> //Group all the characters into length 1, and calculate their ASCII value.
> If they are continous, then they contain ordered characters.
> $str = implode('', array_map(function($m) use (&$i, &$j)
> {
> return chr((ord($m[0]) + $j--) % 256) . chr((ord($m[0]) + $i++) % 256);
> }, str_split($string, 1)));
> return preg_match('#(.)(.\1){' . (*$length* - 1) . '}#', $str)==true;
> }
> ---------------------------------------------------
> Can you tell me whats this $length parameter exactly if not length of
> string??
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130830/df5bdd57/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list