PHP Classes

Subject:I'm concerned about security in some...
Summary:Package rating comment
Messages:3
Author:Artur Graniszewski
Date:2010-08-24 12:30:57
Update:2010-08-25 12:16:38
 

Artur Graniszewski rated this package as follows:

Utility: Insufficient
Consistency: Sufficient
Examples: Sufficient

1. I'm concerned about security in some...
Artur Graniszewski - 2010-08-24 12:30:57
I'm concerned about security in some parts of the code:

1) mysql_real_escape() in sanitize() method should use connection handler as the second argument (in case of 2 or more simultaneous connections with different characterset encodings).

2) mysql_* functions should not be used before mysql_connect(), otherwise there will be an error. What's more, not every script needs database connection at all to do its job, and in that case - the class will always show mysql errors.

3) the script is written for PHP 5.0+ but not for PHP 5.3? eregi function is deprecated in PHP 5.3 and in some server configurations will show E_DEPRECATED warnings on the user page.

4) sanitize function should check arrays recursively (for example $_POST params can be nested) - currently it isn't - this is potentially dangerous and can lead to code injections.

5) in case of PHP 5.2 you should check the filter_var function, which is written in pure C and because of that is faster than preg_match (in, for example, email, URL or IP validation).

Note that I did not check your entire code, but those are my first thoughts on seeing some parts of the class.
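As an added illustration of points 1, 2, 4 and 5 from this review (example code, not part of the Moos Validation package and not written by either participant), the following sketch walks nested input recursively, refuses to escape when no database link is available instead of calling mysql_* blindly, and validates leaves with filter_var rather than a regex. It assumes a mysqli-style link whose real_escape_string() plays the role of mysql_real_escape_string($value, $link); the nested $post array is constructed for the example.

```php
<?php
// Added example, not the package's own code.

// Apply $fn to every leaf of a possibly nested input array
// (e.g. $_POST with nested fields), returning the same shape.
function walkInput($value, callable $fn)
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $k => $v) {
            $out[$k] = walkInput($v, $fn);
        }
        return $out;
    }
    return $fn((string) $value);
}

// Escape every leaf for SQL, but only when a live connection exists.
// Returning null (instead of an unescaped copy) makes the missing
// connection visible to the caller rather than producing mysql_* errors.
function sanitizeForSql(array $input, $link)
{
    if ($link === null) {
        return null;
    }
    return walkInput($input, function ($v) use ($link) {
        // Assumed mysqli link: equivalent of mysql_real_escape_string($v, $link),
        // so the escaping follows the charset of *this* connection.
        return $link->real_escape_string($v);
    });
}

// Validate every leaf as an e-mail address using filter_var (C implementation)
// instead of a preg_match/eregi pattern.
function validateEmails(array $input)
{
    return walkInput($input, function ($v) {
        return filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
    });
}

// Constructed sample input with nesting, as $_POST can carry.
$post = array(
    'name'     => "O'Brien",
    'contacts' => array(
        'home' => array('email' => 'a@example.com'),
        'work' => array('email' => 'not-an-email'),
    ),
);

var_dump(validateEmails($post['contacts']));   // home => true, work => false
var_dump(sanitizeForSql($post, null));         // null: no connection, nothing escaped
```

Escaping is shown here because it is what the review discusses; for actually building queries, binding parameters through prepared statements sidesteps the per-connection charset problem entirely.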

2. Re: I'm concerned about security in some...
Hugo Mastromauro da Silva - 2010-08-25 11:01:45 - In reply to message 1 from Artur Graniszewski
Hi Artur,

Thanks for the comments. I'll work harder on the class to improve it; they were very helpful comments.

3. Re: I'm concerned about security in some...
Hugo Mastromauro da Silva - 2010-08-25 12:16:38 - In reply to message 1 from Artur Graniszewski
Hello Artur,

I made some changes based on your comments and found them interesting. I hope that the class is now usable.

Thanks