Writing a PHP Framework Step by Step (14)

Source: Internet
Author: User
Tags: empty, md5, md5 encryption, modify php file, setcookie, sql injection

Today I'll talk about how to deal with these security issues in the framework.

The first is SQL injection. If you use PDO with prepared statements, I think there is no problem; if you use the mysql_* functions, the framework can implement parameter binding itself, or escape strings before they are inserted into the database.

Two days after the last article was written, Vian proposed in the comments a solution to SQL injection: build the value as "'" . addslashes($id) . "'" before inserting into the DB, that is, run addslashes() first and then force-wrap the result in single quotes. The value is then a string literal, so it cannot inject. I think this method is good, a thumbs up!!
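As an added example (not the framework's or Vian's own code), the three ways of building the same lookup for an untrusted $id, from worst to best. The table, rows and attacker input are constructed here for the demo, and the last part assumes the pdo_sqlite extension so it runs without a MySQL server. One caveat the comment thread does not mention: addslashes() knows nothing about the connection charset, so on a MySQL connection set to a multibyte charset such as GBK a byte sequence like "\xbf\x27" can survive escaping as one valid character followed by a bare quote; mysqli_real_escape_string() is charset-aware, and bound parameters avoid the problem entirely.

```php
<?php
// Added example: three ways to build "look up user by id" for untrusted input.
// Not code from the original article. Assumes pdo_sqlite for the PDO part.

$id = "1' OR '1'='1";   // constructed attacker-controlled input

// 1. Vulnerable: raw concatenation. The quote inside $id closes the literal and
//    the rest of the input becomes SQL, so the WHERE clause matches every row.
function unsafeQuery($id)
{
    return "SELECT name FROM users WHERE id = '" . $id . "'";
}

// 2. Vian's approach from the comments: escape, then force single quotes around
//    the value so the whole input stays inside one string literal.
//    Caveat: addslashes() is not charset-aware (see the GBK note above); with
//    a live MySQL connection prefer mysqli_real_escape_string($link, $id).
function escapedQuery($id)
{
    return "SELECT name FROM users WHERE id = '" . addslashes($id) . "'";
}

// 3. PDO with a bound parameter: the value never becomes part of the SQL text,
//    so no escaping decision has to be made at all.
function safeLookup(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// The concatenated query returns both users; the escaped one and the bound one
// look for a literal id of "1' OR '1'='1", which no row has.
echo unsafeQuery($id), "\n";
var_dump($db->query(unsafeQuery($id))->fetchAll(PDO::FETCH_COLUMN));
echo escapedQuery($id), "\n";
var_dump($db->query(escapedQuery($id))->fetchAll(PDO::FETCH_COLUMN));
var_dump(safeLookup($db, $id));
var_dump(safeLookup($db, 1));
```

Run it with php and compare the three result sets: only the first returns every row. Whichever of the two safe forms the framework adopts, it belongs in the model layer so that user code never concatenates SQL by hand.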

Because SQL injection has to be handled in the model and XSS in the view, neither of which I have started on yet, I'll talk about how to solve them in the framework when I get there; of course, if I've forgotten by the time I write those parts, you can remind me.

Last time I talked about CSRF without giving a solution; today I'll give one. The solution is actually very simple: generate a random value, and then check that the value passed in matches the correct one; if it does not match, do not execute the corresponding code. This random value is what we call a token.

To keep things simple, we write the functions that produce and fetch the token in the controller, that is, in controller.php.

The first step is to generate the random value. The simplest way is to call mt_rand() directly to produce an integer, but here I use the approach to CSRF I saw earlier in the initphp framework, so thanks to the initphp author for the idea:

The initphp code is:

    private function set_token() {
        if (empty($_COOKIE['init_token'])) {
            // md5 of the current timestamp joined with the user agent; keep 8 chars starting at offset 5
            $str = substr(md5(time() . $this->get_useragent()), 5, 8);
            setcookie("init_token", $str, NULL, '/');
            $_COOKIE['init_token'] = $str;
        }
    }

To keep it simple I don't use the user agent here. initphp concatenates the current timestamp and the user agent into one string, hashes it with md5, and keeps 8 characters starting at offset 5. My idea is to md5 the current timestamp and take a prefix starting at offset 0, with the length of that prefix chosen at random:

    $token = substr(md5(time()), 0, mt_rand(10, 15));

To keep the value from being too long or too short, I limit mt_rand() to the range 10 to 15, so the generated token is 10 to 15 characters long.

Once the token can be generated, the rest follows. First, of course, the token has to be set. We don't need to generate a new random value on every request, so we store it in a cookie; when the framework loads it checks whether a token already exists and generates one only if it doesn't. The generated token expires after a period of time; I set that to 7 days.

    private function _setToken() {
        if (empty($_COOKIE['_csrftoken'])) {
            // no token yet: generate one and keep it for 7 days
            $token = substr(md5(time()), 0, mt_rand(10, 15));
            $this->_token = $token;
            setcookie('_csrftoken', $token, time() + 3600 * 24 * 7);
        } else {
            // reuse the token the browser already has
            $this->_token = $_COOKIE['_csrftoken'];
        }
    }

Since the token is generated automatically by the framework and the user never needs to see this process, make this function private and call it from the constructor of the controller class.

That takes care of generating the token; fetching it is simple, just a plain getter:

    protected function _getToken() {
        return $this->_token;
    }

Now I'll show the checking process in a user-written controller:

Suppose the user requests the URL: http://localhost/index.php?c=Index&a=test&token=rwerdfdsfsdfs

Then the code for this controller class is as follows:

    <?php
    class IndexController extends Controller {
        public function test() {
            $token = empty($_GET['token']) ? '' : $_GET['token'];
            if ($token === $this->_getToken()) {
                // token matches: treat as a normal request
            } else {
                $this->_redirect(array(
                    // jump to some action of some controller
                ));
            }
        }
    }

Some may ask how the token value in the URL above gets set and passed along in the first place.

Think about it: suppose the previous page was the test2 action of the Index controller. In the test2 action we first obtain the token with $this->_getToken(), then pass it to the view; the view puts it in the link, and when the user clicks the link the token value is passed along.

Now a question. Suppose a user visits page A and receives a token that is two seconds from expiring; three seconds later the user clicks the link carrying that token and reaches page B. Because the cookie token has already expired, page B generates a new token, compares it with the one passed in, and naturally they don't match, so the user is redirected. Isn't that a problem? How should it be solved?
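As an added example, not the framework's own code, here is a hardened version of the _setToken()/_getToken()/check trio above that also handles the expiry race just described. Two things change relative to the article's design, both labelled in the code: the token comes from random_bytes() rather than substr(md5(time()), ...), because a value derived from the clock can be recomputed by anyone who knows roughly when the victim's cookie was issued; and the token and its expiry live server-side (the store is passed in by reference so the example runs against a plain array standing in for $_SESSION), which is what lets the server keep a just-rotated token acceptable for a short grace window. The GRACE value and the class and cookie-free design are assumptions; the 7-day lifetime is the article's.

```php
<?php
// Added example (not the original framework's code). Assumes PHP 7+ for
// random_bytes() and hash_equals(). $store stands in for $_SESSION so the
// example runs from the command line without starting a session.

class CsrfToken
{
    const LIFETIME = 7 * 24 * 3600; // 7 days, the lifetime used in the article
    const GRACE    = 300;           // assumed: a rotated-out token stays valid this long

    private $store;

    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    // Plays the role of _setToken() + _getToken(): returns the current token,
    // minting a fresh one when none exists or the old one has expired.
    public function get()
    {
        $now = time();
        $cur = isset($this->store['_csrf']) ? $this->store['_csrf'] : null;
        if ($cur === null || $cur['expires'] <= $now) {
            if ($cur !== null) {
                // Rotation: a page rendered seconds before expiry still carries the
                // old token, so keep it acceptable for a short grace window instead
                // of redirecting the user (the scenario in the question above).
                $this->store['_csrf_prev'] = array(
                    'token'   => $cur['token'],
                    'expires' => $now + self::GRACE,
                );
            }
            // 128 bits from the CSPRNG: unlike md5(time()) it cannot be guessed
            // from the clock, and the variable 10..15 char length is unnecessary.
            $cur = array(
                'token'   => bin2hex(random_bytes(16)),
                'expires' => $now + self::LIFETIME,
            );
            $this->store['_csrf'] = $cur;
        }
        return $cur['token'];
    }

    // The check from IndexController::test(), with a constant-time comparison and
    // the grace window. Carry the token in a POST field for state-changing actions
    // rather than a GET parameter: URLs end up in logs, history and Referer headers.
    public function validate($submitted)
    {
        if (!is_string($submitted) || $submitted === '') {
            return false;
        }
        $now = time();
        foreach (array('_csrf', '_csrf_prev') as $key) {
            if (isset($this->store[$key])
                && $this->store[$key]['expires'] > $now
                && hash_equals($this->store[$key]['token'], $submitted)) {
                return true;
            }
        }
        return false;
    }
}

// Walk through the scenario from the question with a plain array as the store.
$session = array();
$csrf = new CsrfToken($session);
$old = $csrf->get();                         // token embedded in page A's link
var_dump($csrf->validate($old));
var_dump($csrf->validate('rwerdfdsfsdfs'));  // a value the attacker made up

$session['_csrf']['expires'] = time() - 1;   // the token expires while the user reads page A
$new = $csrf->get();                         // page B mints a fresh token on load ...
var_dump($csrf->validate($old));             // ... and the link from page A still passes
var_dump($csrf->validate($new));
```

In the framework this would be wired exactly where the article puts it: get() from the controller constructor and before rendering a view, validate() at the top of any action that changes state. If the token must stay in a cookie instead of the session, the same grace logic works by keeping a second cookie for the previous token, and the cookie should be set with the httponly flag since only server-side code reads it.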

Since there is a little time left, I'll mention the file upload vulnerability. If a user uploads a page such as test.php and you haven't checked the file type, the user can upload this PHP file and then visit it through its link; the page may contain destructive code, and the whole site is in danger.

Perhaps your program already checks and only allows the suffixes jpg, png and gif. Then I can rename my PHP file to a suffix like jpg and upload it successfully, and if the site has some other vulnerability that lets me change the file suffix back, your site is in danger!!

Also, suppose your site does not allow the file suffix to be modified, but someone uploads a picture with a JS script embedded in it, or uploads a file whose name contains a script; these can be very dangerous too!!
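As an added example, not the framework's code, an upload handler that closes each of the gaps just described: the suffix whitelist on its own (the renamed PHP file), a later rename turning the file back into a script (the server never keeps the client's name), and payloads hidden inside an image or its file name (the image is re-encoded before it is stored). It assumes the fileinfo and GD extensions, a form field named upload, and a destination directory that is not served by the web server; all three are assumptions, as is the function name.

```php
<?php
// Added example (not the original framework's code). Assumes ext/fileinfo,
// ext/gd, and a $destDir outside the document root.

function storeUploadedImage(array $file, $destDir)
{
    // The three suffixes from the article, mapped to the MIME type the bytes must have.
    $allowed = array(
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    );

    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }

    // 1. Suffix whitelist. Only the last extension counts, and on its own this is
    //    the check the article shows being bypassed by renaming test.php to .jpg.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }

    // 2. Content check: the bytes must actually be an image of the claimed type,
    //    so a PHP file with a .jpg suffix is rejected here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        return false;
    }

    // 3. Re-encode through GD. Script text appended after the image data or hidden
    //    in metadata (the "picture with a JS script" case) does not survive decoding
    //    and re-encoding; a file that cannot be decoded as an image is rejected.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        return false;
    }

    // 4. Server-chosen random name. The client's file name is never used, so a
    //    script in the name goes nowhere and a later rename bug has no .php to restore.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $path = rtrim($destDir, '/') . '/' . $name;
    switch ($ext) {
        case 'png':
            $ok = imagepng($img, $path);
            break;
        case 'gif':
            $ok = imagegif($img, $path);
            break;
        default:
            $ok = imagejpeg($img, $path, 90);
            break;
    }
    imagedestroy($img);

    return $ok ? $name : false;
}

// Usage from a controller action (assumed field name and directory):
// $saved = storeUploadedImage($_FILES['upload'], '/var/app/uploads');
```

Because the stored files live outside the document root, they are delivered through a controller action that reads the file and sets Content-Type from the whitelist rather than by a direct URL, which also means the web server is never in a position to execute whatever was uploaded.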


