Daniele Cruciani
Programmatore Developer PHP/MySQL Freelance

security

Why not to use a remove link

This is my experience: I had to rewrite an administration page where
there was a remove button (in a form) with only a JavaScript confirm.

I thought: "no one had a problem with no limitation in the past, why
should they now? I'll use a link with a JavaScript confirm."

It happened that I had a dashboard page where the latest entries are
listed, with links to update and delete them. A few days later 20
entries had been deleted, and I spent a day looking for what caused the
problem.

I supposed no one would be so silly as to click on delete 20 times.
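The pattern this post argues against is a delete that fires on a plain link. What follows is an added example, not the author's dashboard code, of the alternative: each entry's delete control is a small form carrying a per-session token, the handler refuses anything that is not a POST with a matching token, and the update action stays a link because it changes nothing. The function names, the sample entries, the `edit.php` link and the `dashboard.php` redirect target are my assumptions.

```php
<?php
// Added example (not the post's own code): a dashboard "remove" action that
// only fires on a POST carrying a per-session token, never on a plain link.
// Assumptions: PHP sessions are available; entries are constructed sample data;
// the real persistence call is left as a stub.
declare(strict_types=1);
session_start();

// Constructed sample data standing in for the real dashboard entries.
$entries = [
    ['id' => 1, 'title' => 'First post'],
    ['id' => 2, 'title' => 'Second post'],
];

/** Return the session's CSRF token, creating it on first use. */
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

/** True only for a POST whose token matches the session's (constant-time compare). */
function isValidDeleteRequest(): bool
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false; // a link (GET) can never delete anything
    }
    $sent = $_POST['csrf'] ?? '';
    return is_string($sent) && hash_equals(csrfToken(), $sent);
}

/** Stub for the real delete (assumption: a DELETE ... WHERE id = :id behind it). */
function deleteEntry(int $id): void
{
    error_log("deleted entry {$id}");
}

if (isset($_POST['delete_id'])) {
    if (!isValidDeleteRequest()) {
        http_response_code(403);
        exit('Forbidden: delete requires a POST with a valid token');
    }
    deleteEntry((int) $_POST['delete_id']);
    header('Location: dashboard.php'); // redirect after POST; target is an assumption
    exit;
}

// Render: "update" is a normal link because it changes nothing; "delete" is a
// form, so the browser only sends it on an explicit click, and the JavaScript
// confirm is a convenience on top, not the protection.
$token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
echo "<ul>\n";
foreach ($entries as $entry) {
    $id    = (int) $entry['id'];
    $title = htmlspecialchars($entry['title'], ENT_QUOTES, 'UTF-8');
    echo "<li>{$title} <a href=\"edit.php?id={$id}\">update</a> ";
    echo "<form method=\"post\" style=\"display:inline\" onsubmit=\"return confirm('Delete?')\">";
    echo "<input type=\"hidden\" name=\"csrf\" value=\"{$token}\">";
    echo "<input type=\"hidden\" name=\"delete_id\" value=\"{$id}\">";
    echo "<button type=\"submit\">delete</button></form></li>\n";
}
echo "</ul>\n";
```

A crawler, a browser's link prefetcher or a bookmarked URL can follow a GET link without anyone clicking, and the JavaScript confirm never runs for them. None of them submit a POST form with the session token, which is why this closes the whole class of problem instead of just adding a second confirm dialog.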

Email from your host: you are banned (PHP mail security matter)

I found this in a server:

$header = "From: <".$_REQUEST['email'].">\n";   # raw form input goes straight into a mail header
#... 
mail($from,$subject,$message,$header);           # the first argument of mail() is the recipient

$_REQUEST['email'] came from a form input ...

Here $_REQUEST['email'] should, at the very least, have every \n stripped, no matter how much you trust the JS code.

$from = $_REQUEST['email'];
$from = str_replace(array("\r", "\n"), "", $from);   # strip CR as well as LF: either can be taken as a line break that starts a new header
$header = "From: <$from>\n";
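Stripping line breaks stops the header from being split, but it still puts whatever the visitor typed into a header. The following is an added example, not the code found on the server, that goes one step further: the visitor's address is only used after it passes validation, and the request is refused otherwise. The function names, the `noreply@example.com` sender and the constructed inputs at the bottom are my assumptions.

```php
<?php
// Added example, not the code found on the server: a visitor-supplied address
// is placed in a mail header only after it passed validation, so a CR/LF
// smuggled into the form field never reaches mail(). Names are mine.
declare(strict_types=1);

/** Return a single valid address containing no CR/LF, or null if the input is unusable. */
function safeFromAddress(string $input): ?string
{
    $input = trim($input);
    // Explicit check for the header-injection characters the post is about.
    // FILTER_VALIDATE_EMAIL rejects them too; stating it keeps the intent visible.
    if (preg_match('/[\r\n]/', $input) === 1) {
        return null;
    }
    $valid = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Collapse line breaks in a single-line header value such as Subject. */
function singleLine(string $value): string
{
    return str_replace(["\r", "\n"], ' ', $value);
}

/**
 * Send the contact-form message, or return false without sending when the
 * supplied sender address is not acceptable as a header value.
 */
function sendContactMail(string $to, string $subject, string $message, string $sender): bool
{
    $from = safeFromAddress($sender);
    if ($from === null) {
        return false; // refuse, rather than try to "clean" an address we do not understand
    }
    // Keep the site's own mailbox in From, so SPF/DMARC checks on the receiving
    // side still pass, and put the visitor's validated address in Reply-To.
    // Extra headers are separated with CRLF, as the mail() documentation asks.
    $headers = "From: <noreply@example.com>\r\n"   // assumption: the site's own mailbox
             . "Reply-To: <{$from}>\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";
    return mail($to, singleLine($subject), $message, $headers);
}

// Constructed inputs showing the validator's decisions.
var_dump(safeFromAddress('alice@example.com'));                          // a plain address
var_dump(safeFromAddress("alice@example.com\nBcc: someone@example.net")); // a second header line hidden after a newline
var_dump(safeFromAddress('not an address'));                              // not an address at all
```

Refusing the request is deliberate: silently deleting characters from an address produces a different address than the visitor typed, and the mail then goes to (or appears to come from) someone else. Using Reply-To instead of From for the visitor's address is a deliverability point a practitioner would want on top of the injection fix, since a From header naming the visitor's domain fails that domain's SPF and DMARC policy when sent from your host.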