@hgc81538
Last active June 23, 2023 04:28
fortify issue

PHP JSON Injection

// filter_var() is a sanitizer that Fortify recognises: FILTER_SANITIZE_STRING strips HTML tags,
// and FILTER_FLAG_NO_ENCODE_QUOTES leaves single and double quotes in $content as they are.
$content = @filter_var($content, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

Reference: https://ithelp.ithome.com.tw/questions/10191261
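The following is an added example, not code from the gist, showing what the Fortify "JSON Injection" finding is about: an untrusted value concatenated into a JSON document versus the same value passed through json_encode(). The function names and the sample input are constructed for the demonstration.

```php
<?php
// Added example, not from the gist: contrasts string concatenation with
// json_encode() for the JSON injection class that Fortify reports.
declare(strict_types=1);

// Vulnerable pattern: untrusted text is spliced into a JSON document by
// string concatenation, so a quote in the input ends the string literal.
function buildJsonUnsafe(string $comment): string
{
    return '{"admin": false, "comment": "' . $comment . '"}';
}

// Hardened pattern: json_encode() escapes every special character in the
// value, so the input can only ever be the content of one string literal.
function buildJsonSafe(string $comment): string
{
    return json_encode(['admin' => false, 'comment' => $comment], JSON_THROW_ON_ERROR);
}

// Constructed input (not a real request) that closes the string and adds keys.
$input = 'hi", "admin": true, "x": "';

// With concatenation the document gains an extra "x" key and a second "admin"
// key; json_decode() keeps the last duplicate, so the injected value replaces
// the intended one.
$unsafe = json_decode(buildJsonUnsafe($input), true, 512, JSON_THROW_ON_ERROR);
printf("unsafe: keys=%d admin=%s\n", count($unsafe), var_export($unsafe['admin'], true));

// With json_encode() the document keeps exactly two keys and the comment
// round-trips byte for byte.
$safe = json_decode(buildJsonSafe($input), true, 512, JSON_THROW_ON_ERROR);
printf("safe:   keys=%d admin=%s comment_intact=%s\n",
    count($safe), var_export($safe['admin'], true), var_export($safe['comment'] === $input, true));

// The gist's sanitizer line applied to the same input: it strips tags but,
// with FILTER_FLAG_NO_ENCODE_QUOTES, leaves the quotes in place. Note that
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so treat filter_var()
// as input hygiene and rely on json_encode() for the actual output encoding.
$filtered = @filter_var($input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
printf("filtered: %s\n", $filtered);
```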

Path Manipulation

// Rebuilds the filename from constant characters only: for every byte of the
// untrusted input, a matching literal (digit, letter or one of a few punctuation
// marks) is appended, so the returned string is built entirely from constants
// and Fortify's taint tracking no longer sees user input reaching the path.
// '.', '/' and '\' are not in the whitelist, so path separators, "..", and
// file extensions are all dropped.
function getCleanedName($filename){
	$result = '';
	$strlen = strlen($filename);
	for($i=0; $i<$strlen; $i++){
		// Byte-wise scan; anything outside the ASCII whitelist below is skipped.
		$char = substr($filename, $i, 1);

		// 0-9 (ASCII 48-57)
		for($j = 48; $j < 58; $j++){
			if($char === chr($j)){
				$result .= chr($j);
			}
		}

		// A-Z (ASCII 65-90)
		for($j = 65; $j < 91; $j++){
			if($char === chr($j)){
				$result .= chr($j);
			}
		}

		// a-z (ASCII 97-122)
		for($j = 97; $j < 123; $j++){
			if($char === chr($j)){
				$result .= chr($j);
			}
		}

		// other valid characters, each appended as a literal rather than as $char
		switch($char){
			case '-':
				$result .= '-';
				break;
			case '_':
				$result .= '_';
				break;
			case '(':
				$result .= '(';
				break;
			case ')':
				$result .= ')';
				break;
			case ' ':
				$result .= ' ';
				break;
		}
	}

	return $result;
}

Reference: https://security.stackexchange.com/questions/103884/how-to-resolve-path-manipulation-error-given-by-fortify
