New PHP template XSS Automatic repair function in Fl

Source: Internet
Author: User
Tags php template smarty template
Previously, Fl had the XSS Automatic repair function of the Smarty template, but it has never been supported by the PHP template. The main reason is that the output of the Smarty template recognition variable is relatively simple. You can determine whether it is a $ header, and there is no value assignment or other operations in it. But the PHP template is very troublesome. You can write any PHP code between the PHP delimiters and do not know when to output the code.

Previously, Fl had the XSS Automatic repair function of the Smarty template, but it has never been supported by the PHP template. The main reason is that the output of the Smarty template recognition variable is relatively simple. You can determine whether it is a $ header, and there is no value assignment or other operations in it. But the PHP template is very troublesome. You can write any PHP code between the PHP delimiters and do not know when to output the code.

Previously, Fl had the XSS Automatic repair function of the Smarty template, but it has never been supported by the PHP template. The main reason is that the output of the Smarty template recognition variable is relatively simple. You can determine whether it is a $ header, and there is no value assignment or other operations in it.

But the PHP template is very troublesome. You can write any PHP code between the PHP delimiters and do not know when to output the code. Even if echo is used for output, echo can be followed by many things, such as strings, variables, expressions, and function calls:

In this case, we have never been able to solve this problem. It would be too troublesome to implement PHP lexical analysis for this function.

Suddenly we found that the lexical analysis method is provided in PHP, And the token_get_all function (this function has been available for a long time ).

After passing the PHP text to this function, you can get the TOKEN list. For details, see PHP official documentation: http://php.net/manual/en/function.token-get-all.php

With this method, you can get the token list and find the echo TOKEN. Or?> End, and determine whether a corresponding escape method exists or the logo is not escaped. If not, add the corresponding escape method (function escaping is used in PHP ).

Code implementation is not very complex, see the github project file: https://github.com/welefen/Fl/blob/master/src/Util/Tpl/PHP.class.php

Ps: Although there are many problems with the function name and Parameter Design in php, there are many real functions. Or all functions have corresponding functions.

In fact, the browser can expose similar interfaces to JS, so many tools do not need to perform lexical analysis once.

Original article address: the PHP template XSS Automatic repair function is added in Fl. Thank you for sharing it with me.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.