[OWASP_PHPSEC] ErrorHandler and Echo variations

Abbas Naderi abbas.naderi at owasp.org
Sun Jul 7 17:53:18 UTC 2013


Hello Folks!
I've added two files to the core lib folder, namely error.php and functions.php.
The error.php file contains the error handler I have set up for the phpsec project (without logging features yet), and the functions.php file contains some safe variations of the PHP echo statement used to dump values to the screen.
Notice the decontaminated comments in that file? We will add a static scanner that searches the project and only allows echo in areas that are decontaminated; this way no XSS will be left in the whole project.
Thanks
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
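
The static check described in the message above, sketched as an added example; it is not code from the phpsec project or from the author of the post. The marker convention (a comment containing the word "decontaminated" on the same line as the output statement, or alone on the line before it), the function name `find_unmarked_output` and the sample source are assumptions made for illustration.

```php
<?php
// Added example, not phpsec project code. Requires PHP 8.0+ (PhpToken).
// ASSUMED marker convention: a comment containing "decontaminated" permits
// output on its own line, or on the next line when the comment stands alone.

/** Return the line numbers of echo / print / <?= that carry no marker. */
function find_unmarked_output(string $source): array
{
    $allowed = [];       // line number => true where output is permitted
    $outputs = [];       // line numbers of output constructs
    $lastCodeLine = 0;   // last line on which a non-comment token started

    foreach (PhpToken::tokenize($source) as $tok) {
        if ($tok->is([T_COMMENT, T_DOC_COMMENT])) {
            if (stripos($tok->text, 'decontaminated') === false) {
                continue;
            }
            // Line on which the comment ends (block comments may span lines).
            $end = $tok->line + substr_count(rtrim($tok->text, "\r\n"), "\n");
            $allowed[$end] = true;
            if ($tok->line !== $lastCodeLine) {
                $allowed[$end + 1] = true; // stand-alone marker covers next line
            }
            continue;
        }
        if ($tok->is([T_ECHO, T_PRINT, T_OPEN_TAG_WITH_ECHO])) {
            $outputs[] = $tok->line;
        }
        if (!$tok->isIgnorable()) {
            $lastCodeLine = $tok->line;
        }
    }
    return array_values(array_filter($outputs, fn($l) => !isset($allowed[$l])));
}

// Constructed sample input: lines 4 and 6 have no marker and are reported.
$sample = <<<'PHP'
<?php
// decontaminated: value was escaped with htmlspecialchars() above
echo $safe;
echo $_GET['q'];
print $name; // decontaminated
echo $other;
PHP;

foreach (find_unmarked_output($sample) as $line) {
    printf("unmarked output statement at line %d\n", $line);
}
```

A scanner of this kind only verifies that a marker is present; whether the marked value was actually escaped for its output context still has to be confirmed in code review.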
