Jump Start PHP by Callum Hopkins

Author:Callum Hopkins
Language: eng
Format: mobi, epub, pdf
Publisher: SitePoint Pty. Ltd.
Published: 2013-10-26T16:00:00+00:00


Superglobals and $_REQUEST

$_POST and $_GET belong to a specific group of variables known as superglobals. Superglobals are specially-defined variables, all of them arrays, that are built into PHP and can be accessed from any script, in any scope (inside or outside a function), at any point; that is where the name comes from. The $_SERVER variable we discussed in the previous section is also part of the superglobal family, along with some others that we haven't discussed yet.

Another member of the superglobal family is the $_REQUEST variable. It's a little different from $_POST and $_GET: rather than holding data from one source, $_REQUEST is an array that merges the contents of $_GET, $_POST and, depending on configuration, $_COOKIE. This means that any value the browser sends in the query string or in a form POST can also be read through $_REQUEST.

When cookie data is included as well, $_REQUEST becomes risky. The problem is not that the script can read cookies (it can always do that through $_COOKIE); it's that the merged array hides where a value came from. PHP fills $_REQUEST one source at a time, in the order given by the request_order directive (or variables_order if request_order is empty), and a later source overwrites an earlier one for the same key. So a value your code expects to arrive from a form POST can instead be supplied in the URL, or be shadowed by a cookie of the same name, and the script has no way to tell the difference. A superglobal that can be read anywhere, and whose contents can be overridden from another part of the same request, is a ticking time bomb sitting in your PHP code.

I strongly advise not using $_REQUEST, and ensuring none of your PHP code accesses it. Read each value from the array that matches the source you expect ($_GET for query-string parameters, $_POST for form fields, $_COOKIE for cookies), and check $_SERVER['REQUEST_METHOD'] where it matters. This removes the risk of a request being crafted so that one source's value silently replaces another's.

The php.ini-production and php.ini-development files shipped with PHP set request_order = "GP", which keeps cookie data out of $_REQUEST. That is not the built-in default, though: if no php.ini is loaded, or your host has edited the file, PHP falls back to variables_order, whose built-in value "EGPCS" does include cookies. You can see what your installation uses with ini_get('request_order') and ini_get('variables_order'), or in the output of phpinfo(). The safest configuration is to keep cookies out of $_REQUEST by setting request_order = "GP", and, as above, not to read $_REQUEST at all. For more information on the $_REQUEST superglobal, including examples of it in use and an overview of the risks entailed in using it, please see the PHP manual's resource page.
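The following script is an added example, not code from the book. It rebuilds a $_REQUEST-style array from $_GET, $_POST and $_COOKIE exactly as PHP's request_order rule describes (sources copied in left to right, later ones overwriting earlier ones), reports the order the current installation resolves to, and contrasts that with reading the field from $_POST explicitly. The three input arrays are constructed sample data so the script runs from the command line without a web server, and the function names buildRequestArray, effectiveRequestOrder and readPostedAction are this example's own.

```php
<?php
declare(strict_types=1);

// Added example, not from the book. Rebuilds $_REQUEST the way PHP does from
// $_GET, $_POST and $_COOKIE according to request_order, so the effect of each
// setting can be seen without a web server. The input arrays below are
// constructed sample data; the function names are this example's own.

/**
 * Assemble a $_REQUEST-style array. PHP walks the order string left to right,
 * copying each named source in; a later source overwrites an earlier one for
 * the same key. Letters other than G, P and C are ignored for $_REQUEST.
 */
function buildRequestArray(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (!isset($sources[$letter])) {
            continue;
        }
        foreach ($sources[$letter] as $key => $value) {
            $request[$key] = $value; // later source wins on a duplicate key
        }
    }
    return $request;
}

/** The order this installation actually uses: request_order, else variables_order. */
function effectiveRequestOrder(): string
{
    $order = (string) ini_get('request_order');
    return $order !== '' ? $order : (string) ini_get('variables_order');
}

/**
 * The safer pattern: read the field from the one source it is expected from,
 * require the matching method, and accept only known values.
 * Returns null when the request should be rejected.
 */
function readPostedAction(string $method, array $post): ?string
{
    if ($method !== 'POST' || !isset($post['action'])) {
        return null;
    }
    $allowed = ['view', 'edit'];
    return in_array($post['action'], $allowed, true) ? $post['action'] : null;
}

// Constructed sample request: a form POST plus a cookie that reuses the field name.
$get    = ['page' => 'account'];
$post   = ['action' => 'view', 'id' => '42'];
$cookie = ['action' => 'delete', 'PHPSESSID' => 'f00ba7'];

foreach (['GP', 'GPC', 'EGPCS'] as $order) {
    $req = buildRequestArray($order, $get, $post, $cookie);
    printf("request_order=%-5s  \$_REQUEST['action'] = %s\n", $order, $req['action']);
}
// "GP" ignores the cookie; "GPC" and "EGPCS" let the cookie's 'delete' replace
// the form's 'view', and code reading $_REQUEST cannot see that it happened.

printf("this installation resolves to: %s\n", effectiveRequestOrder());
printf("explicit \$_POST read:   %s\n", readPostedAction('POST', $post) ?? 'rejected');
printf("same field sent via GET: %s\n", readPostedAction('GET', $get) ?? 'rejected');
```

Run it with php request_order_demo.php, then again with php -d request_order=GPC request_order_demo.php to see the reported installation order change; the first loop shows the overwrite regardless of the local setting because it passes each order string explicitly.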


