[OWASP_PHPSEC] ErrorHandler and Echo variations

Azeddine Islam Mennouchi azeddine.mennouchi at owasp.org
Sun Jul 7 20:00:28 UTC 2013


Just one question: what do you mean by "PROJECT", the phpsec project or any
project that is developed using the framework?

Regards, Islam


On Sun, Jul 7, 2013 at 5:53 PM, Abbas Naderi <abbas.naderi at owasp.org> wrote:

> Hello Folks!
> I've added two files to the core lib folder, namely error.php and functions.php.
> The error.php file contains the error handler I have set up for the phpsec
> project (without logging features yet), and the functions.php file contains
> some safe variations of the ECHO PHP statement used to dump values to the
> screen.
> Notice the decontaminated comments in that file? We will add a static
> scanner that searches the project and only allows echo in areas that are
> decontaminated; this way no XSS will be left in the whole project.
> Thanks
> -Abbas
> ______________________________________________________________
> *Notice:* This message is *digitally signed*, its *source* and *integrity* are
> verifiable.
> If your mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com


-- 
Islam Azeddine Mennouchi
Consultant at NovaSup
http://www.novasup.com/
OWASP ALGERIA Chapter Leader
phone n°: +213796314102
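
The scanner idea from the quoted message, sketched as an added example that is not code from this thread or from phpsec: it tokenizes PHP source and reports every echo, print or short echo tag that sits outside a marked region. The marker strings `decontaminated:begin` / `decontaminated:end` and the function name `findUnmarkedOutput` are assumptions, since the thread does not show the comment format used in functions.php.

```php
<?php
// Added example. The marker strings are assumptions; the thread does not
// give the format of phpsec's "decontaminated" comments.
const REGION_BEGIN = 'decontaminated:begin';
const REGION_END   = 'decontaminated:end';

/** Return [line, construct] for each echo, print or short echo tag outside a marked region. */
function findUnmarkedOutput(string $source): array
{
    $findings = [];
    $inRegion = false;
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue; // single-character tokens such as ';' are never output constructs
        }
        [$id, $text, $line] = $token;
        if ($id === T_COMMENT || $id === T_DOC_COMMENT) {
            // Only real comment tokens toggle the region, never string contents.
            if (strpos($text, REGION_BEGIN) !== false) {
                $inRegion = true;
            } elseif (strpos($text, REGION_END) !== false) {
                $inRegion = false;
            }
        } elseif (!$inRegion && in_array($id, [T_ECHO, T_PRINT, T_OPEN_TAG_WITH_ECHO], true)) {
            $findings[] = [$line, trim($text)];
        }
    }
    return $findings;
}

// Constructed sample input, not taken from phpsec's error.php or functions.php.
$sample = <<<'SRC'
<?php
echo $_GET['name'];
// decontaminated:begin
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
// decontaminated:end
$s = "echo inside a string is not an echo token";
print $comment;
?>
<p><?= $title ?></p>
SRC;

$findings = findUnmarkedOutput($sample);
foreach ($findings as [$line, $construct]) {
    printf("line %d: %s outside a decontaminated region\n", $line, $construct);
}
exit($findings ? 1 : 0); // non-zero exit lets a build step reject the change
```

Output functions such as printf() or print_r() are ordinary function-call tokens and are not covered by this sketch; a fuller scanner would need a list of those names as well.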