(on Saturday, 22 November 2008, 12:26 AM +0000):
> On Fri, Nov 21, 2008 at 12:42 PM, Matthew Weier O'Phinney <matthew@zend.com>
> wrote:
>
> -- James Dempster <letssurf@gmail.com> wrote
> (on Friday, 21 November 2008, 11:48 AM +0000):
> > Can someone explain to me what _securityCheck in Zend_Loader does, why
> and to
> > what advantage.
> >
> > I feel like I missing the point on this one.
>
> As the docblock for the method clearly indicates, it is to "ensure that
> filename does not contain exploits." If you look at the regexp, it's
> making sure that the filename specified does not contain characters that
> could potentially lead to an exploit. (There have been a number of
> attack vectors provided in the past against include/require with
> malformed filenames.)
>
>
> It did seem pretty obvious but can't think of any exploits that could be done
> via an include on a filename. Do you have any examples?
Sure, here's one such page:
(You'll notice that that page also recommends the same security check we
utilize.)
Google for "php include exploit", and you'll start to see what the
possibilities are.
--
Matthew Weier O'Phinney
Software Architect | matthew@zend.com
Zend Framework | http://framework.zend.com/
没有评论:
发表评论