[OWASP_PHPSEC] ErrorHandler and Echo variations

Azeddine Islam Mennouchi azeddine.mennouchi at owasp.org
Sun Jul 7 21:10:37 UTC 2013


Thank you, wish to work on it

Regards Islam,


On Sun, Jul 7, 2013 at 8:06 PM, Abbas Naderi <abbas.naderi at owasp.org> wrote:

> I realized that ambiguity after I hit send! Indeed I mean the project
> using the framework.
> -Abbas
> On Tir 17, 1392, at 12:30 AM, Azeddine Islam Mennouchi <
> azeddine.mennouchi at owasp.org> wrote:
>
> Just one question: what do you mean by "PROJECT", the phpsec project or any
> project that is developed using the framework?
>
> Regards Islam,
>
>
> On Sun, Jul 7, 2013 at 5:53 PM, Abbas Naderi <abbas.naderi at owasp.org> wrote:
>
>> Hello Folks!
>> I've added two files to core lib folder, namely error.php and
>> functions.php.
>> The error.php file contains the error handler I have set up for phpsec
>> project (without logging features yet), and the functions.php file contains
>> some safe variations of the ECHO PHP statement used to dump values to the
>> screen.
>> Notice the decontaminated comments in that file? We will add a static
>> scanner that searches the project and only allows echo in areas that are
>> decontaminated; this way no XSS will be left in the whole project.
>> Thanks
>> -Abbas
>
>
> --
> Islam Azeddine Mennouchi
> Consultant at NovaSup
> http://www.novasup.com/
> OWASP ALGERIA Chapter Leader
> phone n°: +213796314102


-- 
Islam Azeddine Mennouchi
Consultant at NovaSup
http://www.novasup.com/
OWASP ALGERIA Chapter Leader
phone n°: +213796314102
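
The static scanner proposed in the quoted message, sketched as an added example that is not part of the thread or of phpsec's code: it tokenizes PHP source with `token_get_all` and reports `echo`, `print`, `<?=` and a few output functions that fall outside a marked region. The `@decontaminated` / `@end-decontaminated` marker comments, the name `findUnmarkedOutput` and the sample source are assumptions, since the thread does not show the comment format used in functions.php.

```php
<?php
// Added example. The marker comments below are hypothetical; the thread
// does not show the format phpsec actually uses in functions.php.
const REGION_OPEN  = '/@decontaminated\b/';
const REGION_CLOSE = '/@end-decontaminated\b/';
// Flagged by name; same-named method calls are flagged too (safe direction).
const OUTPUT_FUNCTIONS = ['printf', 'vprintf', 'print_r', 'var_dump'];
/** Return [line, construct] pairs for output found outside marked regions. */
function findUnmarkedOutput(string $source): array
{
    $findings = [];
    $inRegion = false;
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue; // single-character tokens such as ';' carry no id
        }
        [$id, $text, $line] = $token;
        if ($id === T_COMMENT || $id === T_DOC_COMMENT) {
            // Markers count only inside comments, never inside strings.
            if (preg_match(REGION_CLOSE, $text)) {
                $inRegion = false;
            } elseif (preg_match(REGION_OPEN, $text)) {
                $inRegion = true;
            }
        } elseif (!$inRegion && (
            in_array($id, [T_ECHO, T_PRINT, T_OPEN_TAG_WITH_ECHO], true)
            || ($id === T_STRING && in_array(strtolower($text), OUTPUT_FUNCTIONS, true))
        )) {
            $findings[] = [$line, trim($text)];
        }
    }
    return $findings;
}

// Constructed sample input, not code from the project.
$sample = <<<'SRC'
<?php
$name = $_GET['name'];
echo $name;
// @decontaminated
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
// @end-decontaminated
printf('%s', $name);
?>
<p><?= $name ?></p>
SRC;
foreach (findUnmarkedOutput($sample) as [$line, $construct]) {
    echo "line $line: '$construct' outside a decontaminated region\n";
}
```

The check only establishes where output is allowed to appear; whether the code inside a marked region actually encodes its values still has to be reviewed.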