While working on an HTML encoder to properly show PHP code on this site, I perfomed a search on Google that returned no results or error messages.
The strings is quite simple: " (the query is exactly 5 characters long)
The URL that were sent to the server were:
http://www.google.com/search?hl=en&lr=&q=%26%2334%3B
http://www.google.com/search?q=%26%2334%3B&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official
The presented entity (") corresponds to a double quote, similar to &.
Seems like the problem has to do with the ampersand followed by the number sign.
Someone aware of this?
June 29th, 2006
Recently I noticed that a new spider was going thru all of our sites, but there was something special about this one: (more…)
June 26th, 2006
When working with new programmers, and sometimes even experienced ones, I found that most of the time they would know how to solve a problem and code its solution but they wouldn’t be aware of security related implications. In this article, I’ll show how to improve security on PHP forms that use mail().
For a very simple Web site, a common usage of PHP is to create a contact form that will received visitor’s information and send it thru mail to the responsible of the Web site. The solution to this task is quite easy: create a form on HTML which will do a POST of the fields to a PHP script, and on the script use PHP’s mail() function to send the email with the provided information. If you want to have a more flexible solution, you could even receive on the script the recipient’s address, subject or some headers for the message.
(more…)
June 18th, 2006
While I was designing a system that needed to send mass-customized emails from PHP, I faced two problems: a) change the envelope address (Return-path: header) and b) (most important) avoid overloading the server when sending the messages because of virus check.
Basically, I wanted to use a different sendmail configuration file from PHP to skip the relay-mail virus check from Amavis.
(more…)
June 17th, 2006
Next Posts