* ------------------------------------------------------ */
require_once '../classes/CustomErrorHandler.php';
require_once '../classes/LogHandler.php';
require_once '../classes/SQLQueryHandler.php';
/* ------------------------------------------
* INITIALIZE SESSION
* ------------------------------------------ */
//initialize session
if (strlen(session_id()) == 0) {
session_start();
}
// end if
/* ------------------------------------------
* initialize custom error handler
* ------------------------------------------ */
$CustomErrorHandler = new CustomErrorHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
/* ------------------------------------------
* initialize log handler
* ------------------------------------------ */
$LogHandler = new LogHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
/* ------------------------------------------
* initialize SQLQuery handler
* ------------------------------------------ */
$SQLQueryHandler = new SQLQueryHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
try {
switch ($_SESSION["security-level"]) {
case "0":
// This code is insecure.
$lUseServerSideValidation = FALSE;
$lEncodeOutput = FALSE;
$lTokenizeAllowedMarkup = FALSE;
window.sessionStorage.clear();
window.localStorage.clear();
}catch(e){
alert("Error clearing HTML 5 Local and Session Storage" + e.toString());
};
</script>
<div class="database-success-message">HTML 5 Local and Session Storage cleared unless error popped-up already.</div>
<?php
//Here because of very weird error
session_start();
//initialize custom error handler
require_once 'classes/CustomErrorHandler.php';
if (!isset($CustomErrorHandler)){
$CustomErrorHandler =
new CustomErrorHandler("owasp-esapi-php/src/", 0);
}// end if
require_once 'classes/MySQLHandler.php';
$MySQLHandler = new MySQLHandler("owasp-esapi-php/src/", $_SESSION["security-level"]);
$lErrorDetected = FALSE;
function format($pMessage, $pLevel ) {
switch ($pLevel){
case "I": $lStyle = "database-informative-message";break;
case "S": $lStyle = "database-success-message";break;
case "F": $lStyle = "database-failure-message";break;
case "W": $lStyle = "database-warning-message";break;
}// end switch
return "<div class=\"".$lStyle."\">" . $pMessage . "</div>";
//initialize session
if (strlen(session_id()) == 0) {
session_start();
}
// end if
/* ------------------------------------------
* initialize SQL Query handler
* ------------------------------------------ */
require_once '../classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
/* ------------------------------------------
* initialize custom error handler
* ------------------------------------------ */
require_once '../classes/CustomErrorHandler.php';
$CustomErrorHandler = new CustomErrorHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
try {
$lPageName = $_GET["pagename"];
$lQueryResult = $SQLQueryHandler->getPageHelpTexts($lPageName);
echo '<div> </div>';
if ($lQueryResult->num_rows > 0) {
echo ' <div class="help-text-header">
Hack with confidence.
<br/>
Page ' . $lPageName . ' is vulnerable to at least the following:</div>';
while ($row = $lQueryResult->fetch_object()) {
echo $row->help_text;
}
//end while $row
} else {
echo ' <div class="help-text-header">
