On Thursday, 31 May 2007, at 09:51:14 (+0300),
Chady Kassouf wrote:
> > - $this->dirnews = "p/news/".$_GET['l'];
> > + if (isset($_GET['l']) && (strlen($_GET['l']) == 2)) {
> > + $this->lang = $_GET['l'];
> > + }
> > + $this->dirnews = "p/news/" . $this->lang;
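Review bot: the strlen($_GET['l']) == 2 test in the added if constrains length but not content, so the two-character value ".." still passes and $this->dirnews becomes "p/news/..", one directory above the intended tree; restrict the value to the language codes the site actually ships (for example in_array($_GET['l'], $known_langs, true)) or at least to /^[a-z]{2}$/ before assigning it to $this->lang. Also, when the test fails, $this->lang keeps whatever value it had before, and the hunk shows no default being set; confirm it is initialised earlier, otherwise $this->dirnews ends up as "p/news/".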
>
> This isn't a lot better either. Sure, it helps against people reading
> files off the server, but it doesn't help against someone passing
> any random two-character value for "l".
Incorrect. It is significantly better. If someone is stupid enough
to put in their own 2-character value for language, errors will
result, and that's perfectly okay. There is no longer an exploitable
vulnerability, and that's what counts.
Michael
--
Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <[EMAIL PROTECTED]>
n + 1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
"Define irony. 'A bunch of idiots dancing on a plane to a song made
famous by a band that died in a plane crash.'"
-- Garland Greene (Steve Buscemi), "Con-Air"
-------------------------------------------------------------------------
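The three variants under discussion side by side, as an added example written for this page and not code from the Enlightenment tree: the original unchecked concatenation, the strlen() == 2 check from the patch, and a whitelist of shipped language codes. The language list, the default language and the function names are assumptions made for the example; it assumes PHP 7.1 or later for the nullable type hints.

```php
<?php
// Added example, not Enlightenment project code: three ways of building the
// news directory from the "l" request parameter, and what each lets through.

// Hypothetical set of languages the site actually ships; not from the patch.
const KNOWN_LANGS = ['en', 'fr', 'de'];
// Assumed default; the quoted hunk does not show where $this->lang starts out.
const DEFAULT_LANG = 'en';

// 1. The removed line from the thread: anything in ?l= lands in the path.
function dirnews_unchecked(?string $l): string
{
    return "p/news/" . ($l ?? '');
}

// 2. The patched check: only the length of the value is constrained.
function dirnews_strlen(?string $l): string
{
    $lang = DEFAULT_LANG;
    if ($l !== null && strlen($l) == 2) {
        $lang = $l;
    }
    return "p/news/" . $lang;
}

// 3. Whitelist: the value must be one of the languages we ship, compared
//    strictly so that only an exact string match is accepted.
function dirnews_whitelist(?string $l): string
{
    $lang = in_array($l, KNOWN_LANGS, true) ? $l : DEFAULT_LANG;
    return "p/news/" . $lang;
}

// Constructed inputs: a valid code, a long traversal attempt, the two-byte
// traversal "..", an unknown but well-formed code, and a missing parameter.
$inputs = ['fr', '../../etc/passwd', '..', 'zz', null];

foreach ($inputs as $l) {
    printf("%-20s unchecked=%-26s strlen=%-12s whitelist=%s\n",
        var_export($l, true),
        dirnews_unchecked($l),
        dirnews_strlen($l),
        dirnews_whitelist($l));
}
```

Run with `php example.php`. The long traversal string is stopped by the strlen() check, but ".." is exactly two characters and still produces "p/news/..", one level above the news tree; "zz" produces "p/news/zz" and the errors the reply mentions. Only the whitelist maps both back to the default directory.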
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel