// Start a session only when none is already active for this request
// ((string) cast keeps a failed session_id() behaving like the empty id).
if ((string) session_id() === '') {
    session_start();
}
// end if

/* ------------------------------------------
 * Request-scoped handler objects. Each one is constructed from the
 * ESAPI source directory (relative to this script) and the current
 * security level, which the handlers use to choose their behaviour.
 *
 * NOTE(review): $_SESSION["security-level"] is read without an isset()
 * guard; presumably the front controller sets it before this file is
 * included -- verify, otherwise the handlers receive NULL plus a notice.
 * ------------------------------------------ */

// custom error handler
$CustomErrorHandler = new CustomErrorHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

// log handler
$LogHandler = new LogHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

// SQL query handler
$SQLQueryHandler = new SQLQueryHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
try {
    switch ($_SESSION["security-level"]) {
        case "0":
            // This code is insecure.
            $lUseServerSideValidation = FALSE;
            $lEncodeOutput = FALSE;
            $lTokenizeAllowedMarkup = FALSE;
            $lProtectAgainstSQLInjection = FALSE;
            $lProtectAgainstMethodTampering = FALSE;
            $lValidateInput = FALSE;
            break;
        case "1":
            // This code is insecure.
            $lUseServerSideValidation = FALSE;
            $lEncodeOutput = FALSE;
$MySQLHandler = &$_SESSION["Objects"]["MySQLHandler"];
*/
// MySQL connection handler, built fresh on every request. (An earlier
// scheme that cached handler objects in $_SESSION["Objects"] and aliased
// them by reference has been retired in favour of per-request construction.)
$MySQLHandler = new MySQLHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);
$MySQLHandler->connectToDefaultDatabase();

/* ------------------------------------------
 * initialize SQL Query handler
 * NOTE(review): $_SESSION["security-level"] is used without an isset()
 * guard here; presumably set by the front controller before this include
 * -- verify.
 * ------------------------------------------ */
$SQLQueryHandler = new SQLQueryHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);

/* ------------------------------------------
 * initialize balloon-hint handler
 * ------------------------------------------ */
$BubbleHintHandler = new BubbleHintHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);

// Push the session's hint preference into the handler whenever the two
// disagree. The loose != is kept deliberately: the scalar types of the
// session value and of getHintLevel() are not visible from here.
if ($BubbleHintHandler->getHintLevel() != $_SESSION["showhints"]) {
    $BubbleHintHandler->setHintLevel($_SESSION["showhints"]);
}
// end if
     session_start();
 }
 // end if
 /* ------------------------------------------
  * initialize custom error handler
  * ------------------------------------------ */
 require_once __ROOT__ . '/classes/CustomErrorHandler.php';
 // Reuse an error handler the including page already built; else create one.
 if (!isset($CustomErrorHandler)) {
     $CustomErrorHandler = new CustomErrorHandler(__ROOT__ . '/owasp-esapi-php/src/', $_SESSION["security-level"]);
 }
 // end if

 /* ------------------------------------------
  * SQL query handler (always a fresh instance)
  * NOTE(review): $_SESSION["security-level"] is read without an isset()
  * guard; presumably set by the front controller -- verify.
  * ------------------------------------------ */
 require_once __ROOT__ . '/classes/SQLQueryHandler.php';
 $SQLQueryHandler = new SQLQueryHandler(__ROOT__ . "/owasp-esapi-php/src/", $_SESSION["security-level"]);

 /* ------------------------------------------
  * YouTube video handler
  * NOTE(review): unlike the handlers above, this one gets the ESAPI path
  * relative to the working directory rather than to __ROOT__ -- confirm
  * this is intentional, since it may resolve differently per include site.
  * ------------------------------------------ */
 require_once __ROOT__ . '/classes/YouTubeVideoHandler.php';
 $YouTubeVideoHandler = new YouTubeVideoHandler("owasp-esapi-php/src/", $_SESSION["security-level"]);

 /* Key of the level-1 hint record to load. When supplied it is taken
  * straight from $_REQUEST (GET/POST/cookie by default), so it is
  * untrusted and is not validated here; 52 is the fallback record
  * ("hints-not-found.inc"). Whether getLevelOneHelpIncludeFile()
  * parameterises the lookup depends on the security level and is not
  * visible from this file. */
 $lIncludeFileKey = isset($_REQUEST["level1HintIncludeFile"])
     ? $_REQUEST["level1HintIncludeFile"]
     : 52;

 $lIncludeFileRecord = $SQLQueryHandler->getLevelOneHelpIncludeFile($lIncludeFileKey);
 if ($SQLQueryHandler->affected_rows() > 0) {
     $lRecord = $lIncludeFileRecord->fetch_object();
<?php

// Start a session only when none is already active for this request
// ((string) cast keeps a failed session_id() behaving like the empty id).
if ((string) session_id() === '') {
    session_start();
}
// end if

/* ------------------------------------------
 * Request-scoped handlers; class and ESAPI paths are relative to this
 * script's directory.
 * NOTE(review): $_SESSION["security-level"] is read without an isset()
 * guard; presumably set by the front controller -- verify.
 * ------------------------------------------ */

// SQL query handler
require_once '../classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);

// custom error handler
require_once '../classes/CustomErrorHandler.php';
$CustomErrorHandler = new CustomErrorHandler("../owasp-esapi-php/src/", $_SESSION["security-level"]);
try {
    $lPageName = $_GET["pagename"];
    $lQueryResult = $SQLQueryHandler->getPageHelpTexts($lPageName);
    echo '<div>&nbsp;</div>';
    if ($lQueryResult->num_rows > 0) {
        echo '	<div class="help-text-header">
					Hack with confidence.
					<br/>
					Page ' . $lPageName . ' is vulnerable to at least the following:</div>';
        while ($row = $lQueryResult->fetch_object()) {
            echo $row->help_text;
        }
        //end while $row
    } else {