Closed lewisgoddard closed 8 years ago
From phoenix.php#L33:
// TODO Sanitize everything
// once.input.sanatize.php
// IF BINARY
// A raw info_hash / peer_id is 20 bytes; convert it to a 40-character hex string
// so the same value can be compared and stored in one representation.
if (
isset($_GET['info_hash']) &&
strlen($_GET['info_hash']) == 20
) {
$_GET['info_hash'] = bin2hex($_GET['info_hash']);
}
if (
isset($_GET['peer_id']) &&
strlen($_GET['peer_id']) == 20
) {
$_GET['peer_id'] = bin2hex($_GET['peer_id']);
}
// END IF BINARY
We should replace all super-global references with ones similar to $Sanitized['GET']['info_hash']. $Sanitized should be SQL-safe. This will remove the need for sanitation within functions or before SQL queries.
once.input.sanatize.admin.php
once.input.sanatize.announce.php
once.input.sanatize.scrape.php
once.input.sanatize.tracker.php (both)
admin.php is done, I'm up to announce.php#L47
announce.php is done. Only scrape.php and its associates to do.
Just de-duplication left. once.sanatize.tracker.php has two 20-bit binary or 40-bit hexadecimals that work the same.
We will likely want to sanitize all the variables appropriately before we do anything else.
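The $Sanitized['GET'] idea from the issue body, written out as an added example (this is not phoenix's own code); the function names sanitize_id and sanitize_get and the thrown exception type are assumptions. It accepts the two forms the thread says work the same, 20 raw bytes or 40 hex characters, normalises both to lowercase hex, and rejects anything else so the value reaching SQL is hex only.

```php
<?php
// Added example, not phoenix code: build $Sanitized['GET'] once so the rest of
// the tracker never reads $_GET directly. Values are validated, not escaped:
// only lowercase hex ever comes out, which is what makes them SQL-safe.

function sanitize_id($value)
{
    // $_GET values can be arrays (info_hash[]=...), and strlen() on an array
    // is not a length check; refuse anything that is not a plain string.
    if (!is_string($value)) {
        return null;
    }
    // Raw 20-byte form as most clients send it (already URL-decoded by PHP).
    if (strlen($value) === 20) {
        return bin2hex($value);
    }
    // Already-hex form; ctype_xdigit rejects anything outside [0-9a-fA-F].
    if (strlen($value) === 40 && ctype_xdigit($value)) {
        return strtolower($value);
    }
    return null;
}

function sanitize_get(array $get)
{
    $out = array();
    foreach (array('info_hash', 'peer_id') as $key) {
        if (!isset($get[$key])) {
            continue;
        }
        $clean = sanitize_id($get[$key]);
        if ($clean === null) {
            // Fail closed: a malformed id never reaches a query.
            throw new InvalidArgumentException("invalid $key");
        }
        $out[$key] = $clean;
    }
    return $out;
}

// Constructed sample request: binary info_hash, hex peer_id.
$Sanitized = array('GET' => sanitize_get(array(
    'info_hash' => str_repeat("\xAB", 20),
    'peer_id'   => str_repeat('CD', 20),
)));
// Both ids are now 40 lowercase hex characters, whichever form arrived.
```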