Krzysztof Pazdur efiku

## file.txt
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: p (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: p=2 AND 9971=9971

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: p=2 AND (SELECT * FROM (SELECT(SLEEP(5)))uQpl)

## LogAnalyzer.php
<?php
namespace Aceme\Log;

class LogAnalyzer
{
    public function IsValidLogFileName($fileName)
    {
        if(!$fileName || !$this->vaildateFileExtension($fileName)){
            throw new \Exception("Plik musi mieć nazwę i poprawne rozszerzenie.", 0001);
        }

## FileExtensionManager.php
<?php
class FileExtensionManager implements IExtensionManager
{
    public function isValid($fileName)
    {
        if($fileName === '' || $fileName === null || $fileName === 0) throw new \Exception("Plik musi mieć nazwę.", 0001);

        $fileName = explode('.', $fileName);

        return strtolower($fileName[1]) !== 'slf' ? false : true;

## AlwaysValidFakeExtensionManager.php
<?php

class AlwaysValidFakeExtensionManager implements IExtensionManager
{
    public function isValid($fileName)
    {
        return true;
    }
}

## LogAnalyzer.php
<?php
class LogAnalyzer
{
    private $manager;

    public function __construct(IExtensionManager $extensionManager)
    {
        $this->manager = $extensionManager;
    }


## SignInController.php
<?php
// use ...
class SignInController extends ContainerAware
{

    public function signInAction(Request $request)
    {

        $signInService = new SignInUserService($this->container->get('user_repository'));

## zapytanie.sql
SELECT `qa_users`.`handle` FROM `qa_uservotes`
INNER JOIN `qa_users`
  ON `qa_users`.`userid` = `qa_uservotes`.`userid`
WHERE `qa_uservotes`.`postid` = ??  AND `qa_uservotes`.`vote` = -1

## hash.php
<?php
/**
 * Created by PhpStorm.
 * User: efik
 */
$bs = [];
$password = "supertajnehaslo";

$hash = password_hash($password, PASSWORD_BCRYPT);
$verify = password_verify($password, $hash);

## pdoExample.php
<?php
/**
 * Created by PhpStorm.
 * User: efik
 * Date: 18.11.15
 * Time: 22:09
 */
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    die(" Tylko przez POST");
}

## some.php
<?php
/**
 * Created by PhpStorm.
 * User: efik
 * Date: 21.11.15
 * Time: 18:47
 */

$container = new ArrayObject();
	sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
	---
	Parameter: p (GET)
	Type: boolean-based blind
	Title: AND boolean-based blind - WHERE or HAVING clause
	Payload: p=2 AND 9971=9971

	Type: AND/OR time-based blind
	Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
	Payload: p=2 AND (SELECT * FROM (SELECT(SLEEP(5)))uQpl)
	<?php
	namespace Aceme\Log;

	class LogAnalyzer
	{
	public function IsValidLogFileName($fileName)
	{
	if(!$fileName \|\| !$this->vaildateFileExtension($fileName)){
	throw new \Exception("Plik musi mieć nazwę i poprawne rozszerzenie.", 0001);
	}
	<?php
	class FileExtensionManager implements IExtensionManager
	{
	public function isValid($fileName)
	{
	if($fileName === '' \|\| $fileName === null \|\| $fileName === 0) throw new \Exception("Plik musi mieć nazwę.", 0001);

	$fileName = explode('.', $fileName);

	return strtolower($fileName[1]) !== 'slf' ? false : true;
	<?php

	class AlwaysValidFakeExtensionManager implements IExtensionManager
	{
	public function isValid($fileName)
	{
	return true;
	}
	}
	<?php
	class LogAnalyzer
	{
	private $manager;

	public function __construct(IExtensionManager $extensionManager)
	{
	$this->manager = $extensionManager;
	}
	<?php
	// use ...
	class SignInController extends ContainerAware
	{

	public function signInAction(Request $request)
	{

	$signInService = new SignInUserService($this->container->get('user_repository'));
	SELECT `qa_users`.`handle` FROM `qa_uservotes`
	INNER JOIN `qa_users`
	ON `qa_users`.`userid` = `qa_uservotes`.`userid`
	WHERE `qa_uservotes`.`postid` = ?? AND `qa_uservotes`.`vote` = -1
	<?php
	/**
	* Created by PhpStorm.
	* User: efik
	*/
	$bs = [];
	$password = "supertajnehaslo";

	$hash = password_hash($password, PASSWORD_BCRYPT);
	$verify = password_verify($password, $hash);