[OWASP_PHPSEC] ErrorHandler and Echo variations

Abbas Naderi abbas.naderi at owasp.org
Sun Jul 7 20:06:07 UTC 2013


I realized that ambiguity after I hit send! Indeed I mean the project using the framework.
-Abbas
On Tir 17, 1392, at 12:30 AM, Azeddine Islam Mennouchi <azeddine.mennouchi at owasp.org> wrote:

> Just one question: what do you mean by "PROJECT", the phpsec project or any project that is developed using the framework?
> 
> Regards Islam, 
> 
> 
> On Sun, Jul 7, 2013 at 5:53 PM, Abbas Naderi <abbas.naderi at owasp.org> wrote:
> Hello Folks!
> I've added two files to core lib folder, namely error.php and functions.php
> The error.php file contains the error handler I have set up for the phpsec project (without logging features yet), and the functions.php file contains some safe variations of the ECHO PHP statement used to dump values to the screen.
> Notice the decontaminated comments in that file? We will add a static scanner that searches the project and only allows echo in areas that are decontaminated; this way no XSS will be left in the whole project.
> Thanks
> -Abbas
> ______________________________________________________________
> Notice: This message is digitally signed, its source and integrity are verifiable.
> If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
> 
> 
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> 
> 
> 
> 
> -- 
> Islam Azeddine Mennouchi
> Consultant at NovaSup
> http://www.novasup.com/
> OWASP ALGERIA Chapter Leader
> phone n°: +213796314102
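
The static check described in the quoted announcement, as an added example that is not code from the phpsec project or from either poster: a line-based scanner that reports output statements found outside marked regions. The `decontaminated:begin` / `decontaminated:end` comment syntax, the `scan` function, and treating `print` and `<?=` the same as `echo` are all assumptions, since the message does not show the real marker format.

```python
import re

# Hypothetical marker comments; the post does not show the real format.
BEGIN = re.compile(r"(?://|#|/\*)\s*decontaminated\s*:\s*begin", re.I)
END = re.compile(r"(?://|#|/\*)\s*decontaminated\s*:\s*end", re.I)
# Output sinks: echo, print and the short echo tag <?= (scope is an assumption).
SINK = re.compile(r"(?<![\w$>])(?:echo|print)\b|<\?=", re.I)
# Blank string literals and single-line comments so "echo" inside them is ignored.
NOISE = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|//.*|#.*|/\*.*?\*/""")

# Constructed sample input, not taken from the phpsec repository.
SAMPLE = '''<?php
$name = $_GET["name"];
echo $name;
// decontaminated:begin
echo htmlspecialchars($name, ENT_QUOTES, "UTF-8");
// decontaminated:end
$msg = "do not echo this";
?>
<p><?= $name ?></p>
'''


def scan(source):
    """Return (line_no, message) findings for PHP source text."""
    findings, open_at = [], None
    for no, line in enumerate(source.splitlines(), 1):
        if BEGIN.search(line):
            if open_at is not None:
                findings.append((no, "nested begin marker"))
            open_at = no
            continue
        if END.search(line):
            if open_at is None:
                findings.append((no, "end marker without begin"))
            open_at = None
            continue
        code = NOISE.sub("", line)
        if open_at is None and SINK.search(code):
            findings.append((no, "output outside decontaminated area"))
    if open_at is not None:
        # An unclosed region would silently allow everything after it.
        findings.append((open_at, "begin marker never closed"))
    return findings


if __name__ == "__main__":
    for line_no, message in scan(SAMPLE):
        print(f"line {line_no}: {message}")
```

A marker only records that someone reviewed the region; the scanner does not verify that the value being echoed was actually encoded for its output context.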
