Variable Poisoning

Variable Poisoning :: Chapter 6 :: A better solution

Golden Rule #1: "Filter Input"
White List over Black List
- Blacklist - permit everything that is not explicitly denied
- Whitelist - deny everything that is not explicitly permitted
Clean Array

        
              $clean         = array ();
            
              $clean['page'] = 'home.php'; //
              Default page
            
              switch ($_GET['page']) {
            
                  case 'news.php':   
              // fall through
            
                  case 'about.php': 
               // fall through
            
                  case 'contact.php': //
              fall through
            
                    $clean['page'] = $_GET['page'];
            
                    break; // no default: case for
              space
            
              }
            
              $valid_languages = array ('en_us', 'en_gb', 'es', 'de', ...);
            
              $lang = get_lang (); // Same as before
            
              $clean['lang'] = in_array ($lang, $valid_languages) ? $lang : 'en_us';
            
              include '/path/to/' . $clean['lang'] . '/' . $clean['page'];

**code compressed to fit on slide.

Penguicon 2006

PHP Aplication Security

Variable Poisoning :: Chapter 6 :: A better solution

Variable Poisoning :: Chapter 6 :: A better solution