/php_sec.php

Description

PHP Security Library

Copyright (C) 2004 Jose Antonio Coret

E-Mail: joxeankoret@yahoo.es

Various regular expressions provided by:

K. K. Mookhey Founder & CTO Network Intelligence (I) Pvt. Ltd.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Constants
SEC_ERROR_MESSAGE = "Nice try!" (line 47)

The single error message to show. It is a single, generic message because distinct messages make it easier to find vulnerabilities.

SEC_MAX_ARGUMENT_LENGTH = 100 (line 44)

Maximum length of any checked parameter.

Functions
internal_checks (line 205)

++ INTERNAL USE ++

Is an attacker trying to attack PHP Sec?

If the stupid REGISTER_GLOBALS feature is on, we are vulnerable to variable poisoning attacks. Check whether anyone is trying to attack us.

void internal_checks ()
internal_clean (line 181)

++ INTERNAL USE ++

The function replaces the characters stored in $chars in the $data parameter with "", without quotes :)

void internal_clean (mixed $data, mixed $chars)
internal_correct_length (line 235)
void internal_correct_length (mixed $data)
internal_die_action (line 142)

++ INTERNAL USE ++

The function performs the security actions specified by the developer and/or administrator.

void internal_die_action (mixed $reason)
internal_replace (line 156)

++ INTERNAL USE ++

The function tests whether any of the signatures stored in the $the_array array matches the $data parameter.

void internal_replace (mixed $the_array, mixed $data)
sec_check_all_params (line 472)

Check whether any field appears to be under attack.

Returns true if it appears dangerous, otherwise false.

void sec_check_all_params ()
sec_check_magic_cookie (line 417)

Check for a "Magic Cookies" attack.

Returns true if a magic cookie attack appears to be in use, otherwise false.

void sec_check_magic_cookie (mixed $data)
sec_check_param (line 431)

Check whether a single field appears to be under attack.

Returns true if it appears dangerous, otherwise false.

void sec_check_param (mixed $data)
sec_clean_all (line 384)

Clean the string to avoid XSS, SQL Injection, Directory Traversal and filename/command attacks.

void sec_clean_all (mixed $data)
sec_clean_cmd (line 368)

Clean the string to avoid filename or command attacks.

void sec_clean_cmd (mixed $data)
sec_clean_dir (line 352)

Clean the string to avoid Directory Traversal attacks.

void sec_clean_dir (mixed $data)
sec_clean_sql (line 340)

Clean the string to avoid SQL Injection attacks.

void sec_clean_sql (mixed $data)
sec_clean_xss (line 328)

Clean the string to avoid XSS attacks.

void sec_clean_xss (mixed $data)
sec_die (line 562)

The function performs the security actions specified by the developer and/or administrator.

void sec_die (mixed $reason)
sec_get_float (line 319)
void sec_get_float (mixed $data)
sec_get_int (line 314)
void sec_get_int (mixed $data)
sec_is_attack (line 295)

Does it appear to be an attack?

Returns true if it appears to be an attack, otherwise false.

void sec_is_attack (mixed $data)
sec_is_directory_traversal (line 271)

Does it appear to be a Directory Traversal attack?

Returns true if it appears to be an attack, otherwise false.

void sec_is_directory_traversal (mixed $data)
sec_is_sql_injection (line 246)

Does it appear to be an SQL Injection attack?

Returns true if it appears to be an attack, otherwise false.

void sec_is_sql_injection (mixed $data)
sec_is_valid_email (line 302)
void sec_is_valid_email (mixed $data)
sec_is_xss (line 259)

Does it appear to be an XSS attack?

Returns true if it appears to be an attack, otherwise false.

void sec_is_xss (mixed $data)
sec_paranoic_check (line 283)

Returns true if any meta-character stored in $var_meta_characters is found.

void sec_paranoic_check (mixed $data)
sec_paranoid_check_all_params (line 538)

Check whether any field appears to be under attack, in paranoid mode.

False positives are possible.

Returns true if it appears dangerous, otherwise false.

void sec_paranoid_check_all_params ()
sec_paranoid_check_param (line 495)

Check whether a single field appears to be under attack, in paranoid mode.

False positives are possible.

Returns true if it appears dangerous, otherwise false.

void sec_paranoid_check_param (mixed $data)
sec_paranoid_clean (line 402)

Paranoid check of the passed string.

Returns true if it appears dangerous, otherwise false.

void sec_paranoid_clean (mixed $data)
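The entries above describe what the library's checks do but not how they fit together. The following is an added example, not code from php_sec.php, that re-implements the documented behaviour of internal_clean, internal_replace, internal_correct_length, sec_paranoic_check, sec_check_param and sec_die using the two documented constants. The meta-character list, the SQL signature regexes and the sample parameters are assumptions constructed for illustration; the library's real $var_meta_characters and signature arrays are not shown on this page.

```php
<?php
// Added example (not the library's own code): a minimal re-implementation of
// the behaviour documented for php_sec.php. Lists, regexes and sample inputs
// below are assumptions constructed for this illustration.

define('SEC_MAX_ARGUMENT_LENGTH', 100);   // value documented on this page
define('SEC_ERROR_MESSAGE', 'Nice try!');  // value documented on this page

// Assumed stand-in for the library's $var_meta_characters list.
$var_meta_characters = ['<', '>', '"', "'", ';', '|', '&', '`', '$', '(', ')'];

// Assumed stand-in for the library's array of SQL injection signatures.
$sql_signatures = [
    '/\bunion\b.*\bselect\b/i',
    '/(\'|")\s*(or|and)\s+[^=]+=\s*\S+/i',
    '/;\s*(drop|delete|insert|update)\b/i',
    '/--\s*$/',
];

// internal_clean: remove every character listed in $chars from $data.
function internal_clean(string $data, array $chars): string
{
    return str_replace($chars, '', $data);
}

// internal_replace: true when any signature in $the_array matches $data.
function internal_replace(array $the_array, string $data): bool
{
    foreach ($the_array as $signature) {
        if (preg_match($signature, $data) === 1) {
            return true;
        }
    }
    return false;
}

// internal_correct_length: true when $data respects SEC_MAX_ARGUMENT_LENGTH.
function internal_correct_length(string $data): bool
{
    return strlen($data) <= SEC_MAX_ARGUMENT_LENGTH;
}

// sec_paranoic_check: true if any meta-character occurs in $data.
function sec_paranoic_check(string $data): bool
{
    global $var_meta_characters;
    foreach ($var_meta_characters as $meta) {
        if (strpos($data, $meta) !== false) {
            return true;
        }
    }
    return false;
}

// sec_check_param: true if a single parameter looks dangerous
// (over-long or matching a signature).
function sec_check_param(string $data): bool
{
    global $sql_signatures;
    return !internal_correct_length($data) || internal_replace($sql_signatures, $data);
}

// sec_die: the specific reason goes to the server log only; the client sees
// the same generic SEC_ERROR_MESSAGE whichever check fired.
function sec_die(string $reason): void
{
    error_log('php_sec: ' . $reason);
    exit(SEC_ERROR_MESSAGE);
}

// Constructed sample parameters standing in for $_GET / $_POST values.
$samples = [
    'plain search term',
    "' OR 1=1 --",
    str_repeat('A', SEC_MAX_ARGUMENT_LENGTH + 1),
];

foreach ($samples as $value) {
    // A real handler would call sec_die('reason') instead of printing 'danger'.
    printf("%-30s check=%-6s paranoid=%-6s cleaned=%s\n",
        substr($value, 0, 30),
        sec_check_param($value) ? 'danger' : 'ok',
        sec_paranoic_check($value) ? 'danger' : 'ok',
        substr(internal_clean($value, $var_meta_characters), 0, 30));
}
```

Two things this structure makes visible. First, the check functions are blocklists (signature regexes and a meta-character list), so they can miss encodings they do not anticipate and, in paranoid mode, flag legitimate input such as apostrophes in names; the page's own note about false positives applies. Stripping characters with internal_clean is therefore a last line of defence, not a substitute for context-specific handling such as parameterised SQL queries and HTML output encoding. Second, routing every failure through one generic message while logging the real reason server-side is what gives SEC_ERROR_MESSAGE its value: the response does not tell the sender which check fired.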

Documentation generated on Fri, 1 Oct 2004 17:46:18 +0200 by phpDocumentor 1.3.0RC3