 |
Join us on FaceBook | |
 |
Submit Your Code | |
 |
Poker Tournaments | |
|
Poker Guide for Developers | |
 |
SEO Monitor | |
 |
UpTime Monitor | |
 |
My Favorite Examples | |
|
My Favorite Articles | |
 |
Update Your Profile |
| More Weber Sites | ||
| PHP Code Search | ||
| Web Development Forums | ||
| Learn MySQL Playing Trivia | ||
| PHPBB2 Templates | ||
| Web Development Resources | ||
| Web Development Content | ||
| Recommended Links | ||
| PHPClasses | ||
| PHP Editor | ||
| PHP Jobs | ||
| Vision.To Design | ||
| Ajax Tutorials | ||
| PHP Programming Help | ||
| PHP/MySQL Programming | ||
| Webmaster Resources | ||
| Webmaster Forum | ||
| XML meta language | ||
| website builder | ||
| Recommended | ||
| פרייסז - השוואת מחירים בסופר | ||
| ZeroLag.com | ||
| Texas Holdem Poker Evangelists | ||
Null bytes related issuesAs PHP uses the underlying C functions for filesystem related operations, it may handle null bytes in a quite unexpected way. As null bytes denote the end of a string in C, strings containing them won't be considered entirely but rather only until a null byte occurs. The following example shows a vulnerable code that demonstrates this problem: Example #1 Script vulnerable to null bytes <?phpTherefore, any tainted string that is used in a filesystem operation should always be validated properly. Here is a better version of the previous example: Example #2 Correctly validating the input <?php |