I have a password-protected, user, on-line editor that I'm hardening against
hackers just in case a user's pw is stolen or local PC is infected.
The user can enter html tags; but, I restrict the acceptable tags to benign
ones. e.g., <p>, <b>, <table>, etc. e.g., no <embed... <script... etc.
Just to be extra safe, I've added a function that parses for executables in the
raw, entered text. If found, I post a nasty error message and ignore the entry.
Here are my regex patterns. I tried finding a complete list of browser
executables; but was unsuccessful, probably because I didn't use the right key
Anyone have suggestions for additional patterns?
"error_reporting\(0\)", // Most hacks I've seen make certain they turn off error
"\<\?php", // Here for the heck of it.
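
As an added example (not part of the original post and not the poster's code): a tag allowlist alone still lets attributes through on an allowed tag, and a pattern blocklist only catches the strings it lists. This PHP function parses the input with DOMDocument, removes every element, comment and processing instruction outside an allowlist, and strips all attributes from what remains. The names `ALLOWED_TAGS` and `sanitize_fragment()`, the tag list and the sample input are assumptions.

```php
<?php
// Added example. ALLOWED_TAGS and sanitize_fragment() are hypothetical names;
// the tag list is an assumption based on the tags mentioned in the post.
const ALLOWED_TAGS = ['p', 'b', 'i', 'br', 'ul', 'ol', 'li',
                      'table', 'tr', 'td', 'th'];

function sanitize_fragment(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate sloppy user markup
    // The XML declaration forces UTF-8; the wrapper div gives a known root.
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div id="sanitize-root">' . $html . '</div>',
        LIBXML_NONET                    // never fetch anything over the network
    );
    libxml_clear_errors();

    $xpath = new DOMXPath($doc);
    $root  = $xpath->query('//div[@id="sanitize-root"]')->item(0);
    if ($root === null) {
        return '';                      // fail closed if parsing went wrong
    }

    // Snapshot first: removing nodes while walking a live list skips entries.
    $nodes = iterator_to_array(
        $xpath->query('.//* | .//comment() | .//processing-instruction()', $root)
    );
    foreach ($nodes as $node) {
        $allowed = $node instanceof DOMElement
            && in_array(strtolower($node->nodeName), ALLOWED_TAGS, true);
        if (!$allowed) {
            // Drop the node with its whole subtree (script bodies included).
            $node->parentNode->removeChild($node);
            continue;
        }
        // Allowed tag: remove every attribute (onclick, style, href, ...).
        while ($node->attributes->length > 0) {
            $node->removeAttributeNode($node->attributes->item(0));
        }
    }

    // Serialize only the children of the wrapper. Input that closes the
    // wrapper early ends up outside $root and is dropped.
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input, not taken from the post.
echo sanitize_fragment('<p onclick="x()">Hi <b>there</b></p><script>x()</script>');
```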