Home > Mobile >  Does chaining filter_input() and filter_var() cause the problem?
Does chaining filter_input() and filter_var() cause the problem?

Time:05-22

I have this url for testing

http://localhost:8000/2.php?site=https://google.com<script></script>

Then I am sanitizing "site":

$site = filter_input(INPUT_GET, 'site', FILTER_SANITIZE_URL);
var_dump($site); // string(35) "https://google.com"
echo "<br>";

Getting absolutely safe url. Then validating it:

$siteValidation = filter_var($site, FILTER_VALIDATE_URL);
var_dump($siteValidation); // bool(false)

And validation fails! Why?

enter image description here

CodePudding user response:

As you can read here, FILTER_SANITIZE_URL does not remove < or > from the string. That's why you see printed:

string(35) "https://google.com"

Clearly the string you see is not 35 chars long (inspect via developer tools in browser and you'll see the "script" part is still there).

That's why next lines fail to validate.

Page link:https//www.codepudding.com/Mobile/415594.html

Prev:How to call a function which returns a number in Drawer item using React Native?
Next:How to create read and write separate repos in CQRS architecture
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding