[OWASP_PHPSEC] Sample Application based on PHPSEC

Abbas Naderi abiusx at owasp.org
Sat Oct 12 01:51:25 UTC 2013


Yes but it allows LFD attacks.
-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Oct 11, 2013, at 6:03 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> is this correct ?
> 
>         protected function StaticContent($Request)
> 	{
> 		if (!realpath(__DIR__."/../static/{$Request}"))
> 			return require_once (__DIR__ . "/../../view/default/404.php");
> 		else
> 		{
> 			\phpsec\DownloadManager::download(__DIR__ . "/../static/{$Request}");
> 		}
> 	}
> 
> This is working correctly .....
> 
> 
> On Wed, Oct 9, 2013 at 10:40 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> ok will do....u got me scared...:D
> 
> 
> On Wed, Oct 9, 2013 at 10:36 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> It does, but its overly complicated. Dare look at it.
> -A
> 
> ______________________________________________________________
> Notice: This message is digitally signed, its source and integrity are verifiable.
> If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
> 
> On Oct 9, 2013, at 10:24 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
>> yeah...I saw that.....I was trying to write code for that but couldn't understand what to do exactly...does jFramework contains code for static controller? 
>> 
>> 
>> On Wed, Oct 9, 2013 at 10:17 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>> Hello
>> I haven't done the static controller part yet :| if you look at front controller code, that section is empty :D
>> Ping me back in the weekend, and I promise to finish it and polish it as well!
>> -Abbas
>> ______________________________________________________________
>> Notice: This message is digitally signed, its source and integrity are verifiable.
>> If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
>> 
>> On Oct 9, 2013, at 10:00 PM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
>> 
>>> Hello All,
>>> 
>>> Its been a long time...huh
>>> 
>>> So, these past few days, I started making a sample application based on PHPSEC, to see what would the developers feel like using the framework...for most cases, it was good.
>>> 
>>> But, whenever I try to attach something (CSS, JS , Images etc files) in the html pages, then it doesn't gets attached. I am not sure why that is...
>>> 
>>> e.g. <img src='someloacation/image.png' />     //this does not work.
>>> 
>>> So, can you guys help me on this....
>>> and btw, the sample application is located in:
>>> https://github.com/rash805115/rnj
>>> 
>>> 
>>> -- 
>>> Regards,
>>> Rahul Chaudhary
>>> Ph - 412-519-9634
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>> 
>> 
>> 
>> 
>> -- 
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
> 
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131011/2cfd5340/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list