* ------------------------------------------------------ */
require_once '../classes/CustomErrorHandler.php';
require_once '../classes/LogHandler.php';
require_once '../classes/SQLQueryHandler.php';

/* ------------------------------------------
 * INITIALIZE SESSION
 * ------------------------------------------ */
//initialize session
// session_id() is the empty string until a session has been started, so this
// guard only prevents a second session_start() (and its notice) when an
// including page has already started one.
if (strlen(session_id()) == 0) {
    session_start();
} // end if

/* ------------------------------------------
 * initialize custom error handler
 * ------------------------------------------
 * NOTE(review): all three handlers below are constructed from
 * $_SESSION["security-level"], which is read with no isset() check. On a
 * fresh session with no level set this raises an undefined-index notice and
 * passes null as the level; the page assumes some earlier request stored the
 * level in the session — TODO confirm where it is set.
 */
$CustomErrorHandler = new CustomErrorHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

/* ------------------------------------------
 * initialize log handler
 * ------------------------------------------ */
$LogHandler = new LogHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

/* ------------------------------------------
 * initialize SQLQuery handler
 * ------------------------------------------ */
$SQLQueryHandler = new SQLQueryHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

try {
    // switch compares loosely (==), so integer 0 and the string "0" both
    // select the insecure branch below. The remaining cases, the rest of the
    // try body and its catch continue past the end of this chunk.
    switch ($_SESSION["security-level"]) {
        case "0": // This code is insecure.
            // Level 0 deliberately turns off every defence this page knows
            // about: no server-side input validation, no output encoding and
            // no tokenising of allowed markup. This is the intentionally
            // vulnerable mode of a training application, not a bug to fix
            // in place — hardening belongs in the higher-level cases.
            $lUseServerSideValidation = FALSE;
            $lEncodeOutput = FALSE;
            $lTokenizeAllowedMarkup = FALSE;
window.sessionStorage.clear(); window.localStorage.clear(); }catch(e){ alert("Error clearing HTML 5 Local and Session Storage" + e.toString()); }; </script>
<div class="database-success-message">HTML 5 Local and Session Storage cleared unless error popped-up already.</div>
<?php
//Here because of very weird error
// NOTE(review): unlike the other page handlers, this calls session_start()
// unconditionally (no strlen(session_id()) == 0 guard), so it emits a notice
// whenever an including page has already started the session. Left as-is
// because the comment above says it works around an unexplained error.
session_start();

//initialize custom error handler
require_once 'classes/CustomErrorHandler.php';
// NOTE(review): when no handler exists yet it is built with a hard-coded
// security level of 0 (the insecure level), while $MySQLHandler below is built
// from $_SESSION["security-level"]. The two handlers can therefore run at
// different levels on the same request — confirm this is intended.
if (!isset($CustomErrorHandler)){
    $CustomErrorHandler = new CustomErrorHandler("owasp-esapi-php/src/", 0);
}// end if

require_once 'classes/MySQLHandler.php';
// $_SESSION["security-level"] is read without an isset() check; a session with
// no level set yields a notice and a null level.
$MySQLHandler = new MySQLHandler("owasp-esapi-php/src/", $_SESSION["security-level"]);
$lErrorDetected = FALSE;

/**
 * Wraps a status message in a <div> whose CSS class is chosen by level.
 *
 * $pLevel: "I" (informative), "S" (success), "F" (failure) or "W" (warning).
 * Returns the HTML string; the function's closing brace lies past the end of
 * this chunk.
 *
 * Security: $pMessage is concatenated into the markup verbatim — no
 * htmlspecialchars() or other encoding — so callers must only pass trusted or
 * already-encoded text; anything derived from user input or database content
 * would be rendered as HTML.
 *
 * The switch has no default branch, so an unrecognised $pLevel leaves $lStyle
 * undefined (notice) and produces class="".
 */
function format($pMessage, $pLevel ) {
    switch ($pLevel){
        case "I": $lStyle = "database-informative-message";break;
        case "S": $lStyle = "database-success-message";break;
        case "F": $lStyle = "database-failure-message";break;
        case "W": $lStyle = "database-warning-message";break;
    }// end switch
    return "<div class=\"".$lStyle."\">" . $pMessage . "</div>";
//initialize session
// Guarded so the session is only started once even when an including page
// has already called session_start().
if (strlen(session_id()) == 0) {
    session_start();
} // end if

/* ------------------------------------------
 * initialize SQL Query handler
 * ------------------------------------------
 * NOTE(review): both handlers are built from $_SESSION["security-level"] with
 * no isset() check; a session without a stored level yields a notice and a
 * null level.
 */
require_once '../classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

/* ------------------------------------------
 * initialize custom error handler
 * ------------------------------------------ */
require_once '../classes/CustomErrorHandler.php';
$CustomErrorHandler = new CustomErrorHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

try {
    // Untrusted input: the page name is taken straight from the query string
    // with no isset() check and no validation or encoding on this page.
    // It is (1) handed to getPageHelpTexts(), whose implementation is not
    // visible here — whether the lookup is parameterised depends on
    // SQLQueryHandler and the active security level; and (2) echoed back into
    // the HTML header below unencoded, which is a reflected-XSS sink at any
    // level that does not encode it. The "Hack with confidence" header
    // indicates this is an intentionally vulnerable training page, so treat
    // the hardening as a per-level decision rather than a blanket fix.
    $lPageName = $_GET["pagename"];
    $lQueryResult = $SQLQueryHandler->getPageHelpTexts($lPageName);
    echo '<div> </div>';
    // Assumes getPageHelpTexts() returns a mysqli_result; a false return
    // (failed query) would make ->num_rows error out — TODO confirm.
    if ($lQueryResult->num_rows > 0) {
        echo ' <div class="help-text-header"> Hack with confidence. <br/> Page ' . $lPageName . ' is vulnerable to at least the following:</div>';
        // help_text rows are emitted as raw HTML from the database, i.e. the
        // column is treated as trusted, pre-authored markup.
        while ($row = $lQueryResult->fetch_object()) {
            echo $row->help_text;
        } //end while $row
    } else {
        // The else branch, the end of the try and its catch continue past the
        // end of this chunk.
        echo ' <div class="help-text-header">