コード例 #1
0
ファイル: capture-data.php プロジェクト: neelaryan/mutillidae
            $lProtectAgainstSQLInjection = TRUE;
            break;
            //case "5"
    }
    // end switch ($_SESSION["security-level"])
} catch (Exception $e) {
    echo $CustomErrorHandler->FormatError($e, $lQueryString);
}
// end try
try {
    /* Grab as much information about visiting browser as possible. Most of this
     * is available in the HTTP request header.
     */
    $lClientHostname = $lClientInformationHandler->getClientHostname();
    $lClientIP = $lClientInformationHandler->getClientIP();
    $lClientUserAgentString = $lClientInformationHandler->getClientUserAgentString();
    $lClientReferrer = $lClientInformationHandler->getClientReferrer();
    $lClientPort = $lClientInformationHandler->getClientPort();
    if ($lProtectAgainstSQLInjection) {
        $lClientHostname = $MySQLHandler->escapeDangerousCharacters($lClientHostname);
        $lClientUserAgentString = $MySQLHandler->escapeDangerousCharacters($lClientUserAgentString);
        $lClientReferrer = $MySQLHandler->escapeDangerousCharacters($lClientReferrer);
    }
    // end if $lProtectAgainstSQLInjection
} catch (Exception $e) {
    echo $CustomErrorHandler->FormatError($e, $lQueryString);
}
// end try
try {
    // Declare a temp varaible to hold our collected data
    $lCapturedData = "";
コード例 #2
0
	  			 * For JavaScript, always output using innerText (IE) or textContent (FF),
	  			 * Do NOT use innerHTML. Using innerHTML is weak anyway. When 
	  			 * attempting DHTML, program with the proper interface which is
	  			 * the DOM. Thats what it is there for.
	  			 */
	   			// encode the output following OWASP standards
	   			// this will be HTML encoding because we are outputting data into HTML
				$lEncodeOutput = TRUE;
	   		break;
	   	}// end switch		
	
		require_once 'classes/ClientInformationHandler.php';
		$lClientInformationHandler = new ClientInformationHandler();
		
		if ($lEncodeOutput){
			$lClientUserAgentString = $Encoder->encodeForHTML($lClientInformationHandler->getClientUserAgentString());
		}else{
			$lClientUserAgentString = $lClientInformationHandler->getClientUserAgentString();
		}// end if
	
    } catch (Exception $e) {
		echo $CustomErrorHandler->FormatError($e, $query);
    }// end try;
?>

<!-- Bubble hints code -->
<?php 
	try{
   		$lReflectedXSSExecutionPointBallonTip = $BubbleHintHandler->getHint("ReflectedXSSExecutionPoint");
	} catch (Exception $e) {
		echo $CustomErrorHandler->FormatError($e, "Error attempting to execute query to fetch bubble hints.");