fix urlencode problem on photo.php pages

Posted by Stewart on 18 Apr 2018 in Activity log

I recently added urlencode() to the invocation of $_GET variables in each of 11 photos.php files. That solved the problem of vulnerability to code-injection attack, but as one of the variables was a pathname, the "/" characters were encoded and thus when that argument was passed on, the encoded path of course failed. I added a function to unencode just the slash characters and passed the urlencoded path to it, thus returning a path in which all potentially dangerous characters other than the "/" are still escaped. That should make the page useable and secure.

This entry was posted by and is filed under Activity log.

Canadian Mysteries

The Canadian Mysteries site consists of a production site containing 12 mysteries, a containing shell and 30 mysteryquests; and a database-driven development site. HCMC took over tech support in summer 08. This blog documents work done on the site from Sept 08. Earlier work is documented in the depts blog in posts prepended with CanMys

Search

XML Feeds

RSS 2.0: Posts
Atom: Posts

What is RSS?

Sidebar 2

This is the "Sidebar 2" container. You can place any widget you like in here. In the evo toolbar at the top of this page, select "Customize", then "Blog Widgets".