This type of process is very risky: if an attacker can control the command
string, a malicious command such as rm or del could reduce our server to a
gibbering wreck. In this example we define an array of acceptable commands,
run a command only if it appears in that array, and use the PHP escapeshellarg()
function to quote any argument passed to the command.
$allowCmds = array('mysqld', 'apachectl');
$cmd = JRequest::getVar('cmd', false, 'GET', 'WORD');
$arg = JRequest::getVar('arg', false, 'GET', 'WORD');
// Only run the command if it is on the whitelist
if( $cmd !== false && in_array($cmd, $allowCmds) )
{
    // escapeshellarg() wraps the argument in single quotes so that shell
    // metacharacters in it are passed literally rather than interpreted
    $cmd .= ' '.escapeshellarg( $arg );
    system( $cmd );
}
Using the correct escape mechanism for the system we are accessing is imperative in
preventing code injection attacks.
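The following is an added example, not code from the book, showing what the whitelist and argument quoting above achieve. It is written in Python rather than PHP so that it runs stand-alone: shlex.quote() plays the role of escapeshellarg() (both wrap the argument in single quotes), and running the line through sh -c mirrors what PHP's system() does. The whitelist, the hostile argument and the inclusion of echo (so the demo can be run harmlessly) are all constructed for this example.

```python
import shlex
import subprocess

# Constructed whitelist for this demo. The book's list is mysqld and apachectl;
# 'echo' is added here only so the example can be executed without side effects.
ALLOWED_COMMANDS = {"mysqld", "apachectl", "echo"}


def build_command(cmd, arg, quote=True):
    """Return the command line that would be handed to the shell, or None if
    the command is not whitelisted.

    quote=True applies shlex.quote(), the Python equivalent of PHP's
    escapeshellarg(); quote=False reproduces the unsafe concatenation that the
    whitelist alone does not protect against."""
    if cmd not in ALLOWED_COMMANDS:
        return None
    if quote:
        arg = shlex.quote(arg)
    return f"{cmd} {arg}"


def run_via_shell(line):
    """Run a command line through /bin/sh, as PHP's system() does, and return
    its standard output."""
    result = subprocess.run(["sh", "-c", line], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed hostile argument: a shell metacharacter followed by a second command.
    hostile = "hello; echo INJECTED"

    # Not on the whitelist, so it is never run.
    print(build_command("rm", "-rf /"))

    # Whitelisted command, but without quoting the second command still executes.
    print(run_via_shell(build_command("echo", hostile, quote=False)), end="")

    # With quoting the whole argument is printed literally; nothing else runs.
    print(run_via_shell(build_command("echo", hostile)), end="")
```

Run with python3; the unquoted line prints two lines (the injected command ran), the quoted line prints the argument verbatim. Note that quoting protects only the argument: the whitelist is what stops an arbitrary command name, and both checks are needed.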
SQL Injection
Probably one of the most publicized vulnerabilities in PHP applications, SQL
injection is potentially fatal. It is caused by inadequate processing of data before
database queries are executed.
Joomla! provides us with the JDatabase methods getEscaped() and Quote()
specifically for avoiding SQL injection. Consider the following value a' OR name IS
NOT NULL OR name='b.
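As an added example that is not part of the book, the following script shows what that value does to a query built by string concatenation, and what quoting the value changes. It uses Python and an in-memory SQLite database so that it runs stand-alone; the quote() helper mimics what JDatabase::Quote() does (escape the value, then wrap it in single quotes), using standard SQL quote doubling, which SQLite understands, whereas Joomla's getEscaped() on MySQL uses backslash escaping. The users table and its rows are constructed for this example.

```python
import sqlite3

# The value from the text above.
PAYLOAD = "a' OR name IS NOT NULL OR name='b"


def make_db():
    """Constructed sample database: three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn


def unsafe_query(conn, name):
    """Concatenate the raw value into the query: the attacker's quote closes the
    string literal and the rest of the value becomes SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def quote(value):
    """Escape then wrap in single quotes, as JDatabase::Quote() does.
    Quote doubling is the standard-SQL escape; MySQL's escaper (used by
    getEscaped()) emits a backslash instead, with the same effect."""
    return "'" + value.replace("'", "''") + "'"


def escaped_query(conn, name):
    """Same query, but the value is quoted before it is concatenated, so the
    whole value stays inside one string literal."""
    sql = "SELECT name FROM users WHERE name = " + quote(name)
    return [row[0] for row in conn.execute(sql)]


def parameterised_query(conn, name):
    """The alternative to escaping: let the driver bind the value."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


if __name__ == "__main__":
    conn = make_db()
    print("unsafe:       ", unsafe_query(conn, PAYLOAD))
    print("escaped:      ", escaped_query(conn, PAYLOAD))
    print("parameterised:", parameterised_query(conn, PAYLOAD))
```

With the raw value the WHERE clause becomes name = 'a' OR name IS NOT NULL OR name='b', which is true for every row, so the whole table comes back. Quoted, the value is compared as one literal string and matches nothing.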