$lProtectAgainstSQLInjection = TRUE; break; //case "5" } // end switch ($_SESSION["security-level"]) } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, $lQueryString); } // end try try { /* Grab as much information about visiting browser as possible. Most of this * is available in the HTTP request header. */ $lClientHostname = $lClientInformationHandler->getClientHostname(); $lClientIP = $lClientInformationHandler->getClientIP(); $lClientUserAgentString = $lClientInformationHandler->getClientUserAgentString(); $lClientReferrer = $lClientInformationHandler->getClientReferrer(); $lClientPort = $lClientInformationHandler->getClientPort(); if ($lProtectAgainstSQLInjection) { $lClientHostname = $MySQLHandler->escapeDangerousCharacters($lClientHostname); $lClientUserAgentString = $MySQLHandler->escapeDangerousCharacters($lClientUserAgentString); $lClientReferrer = $MySQLHandler->escapeDangerousCharacters($lClientReferrer); } // end if $lProtectAgainstSQLInjection } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, $lQueryString); } // end try try { // Declare a temp varaible to hold our collected data $lCapturedData = "";
* For JavaScript, always output using innerText (IE) or textContent (FF), * Do NOT use innerHTML. Using innerHTML is weak anyway. When * attempting DHTML, program with the proper interface which is * the DOM. Thats what it is there for. */ // encode the output following OWASP standards // this will be HTML encoding because we are outputting data into HTML $lEncodeOutput = TRUE; break; }// end switch require_once 'classes/ClientInformationHandler.php'; $lClientInformationHandler = new ClientInformationHandler(); if ($lEncodeOutput){ $lClientUserAgentString = $Encoder->encodeForHTML($lClientInformationHandler->getClientUserAgentString()); }else{ $lClientUserAgentString = $lClientInformationHandler->getClientUserAgentString(); }// end if } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, $query); }// end try; ?> <!-- Bubble hints code --> <?php try{ $lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint"); } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");