<?php 
	require_once (__ROOT__.'/classes/XMLHandler.php');

	// XML handler setup: create the handler and bind it to the accounts data file.
	// The constructor is given a library path string and the security level held
	// in the session; what XMLHandler does with them is defined in
	// classes/XMLHandler.php, which is not shown here.
	// NOTE(review): the data path is relative, so it presumably resolves against
	// the working directory at run time -- confirm that the data directory is not
	// served directly by the web server.
	$lXMLAccountFilePath = './data/accounts.xml';
	$XMLHandler = new XMLHandler(
		'owasp-esapi-php/src/',
		$_SESSION['security-level']
	);
	$XMLHandler->SetDataSource($lXMLAccountFilePath);
	
	try{
    	switch ($_SESSION["security-level"]){
    		case "0": // This code is insecure
				$lEnableHTMLControls = FALSE;
    			$lFormMethod = "GET";
				$lEnableJavaScriptValidation = FALSE;
				$lProtectAgainstMethodTampering = FALSE;
				$lEncodeOutput = FALSE;
				$lProtectAgainstXPathInjection = FALSE;
				break;

    		case "1": // This code is insecure
				$lEnableHTMLControls = TRUE;
    			$lFormMethod = "GET";
				$lEnableJavaScriptValidation = TRUE;
				$lProtectAgainstMethodTampering = FALSE;
				$lEncodeOutput = FALSE;
				$lProtectAgainstXPathInjection = FALSE;
			break;
	    		
			case "2":