Zend Framework
Msklf, 2017-10-31 15:48:20

Filtering the address bar in zf2?

Do I understand correctly that, if I have a vulnerability here

site.com/site/page?to_email=%00"><script>alert(109)</script>

then I need to set the filter in the controller on this line:
$toEmail = $this->getRequest()->getParam('to_email');

I just don't understand which filter to apply, or whether it should be validation, or whether I am looking in the wrong place altogether.


1 answer
Arman, 2017-10-31
@Arik

First you need to understand what the vulnerability is, and only then look at how to handle it under Zend.
You need to read about secure development in general; there was a good article for Rails, for PHP you have to collect the pieces from all over the place.
All your code does is receive data from the user, and that's it. You can of course add a check that the value passed must be an e-mail address, but what's next? exit? A 500 error? Is it all sorted out that way? And what if this is a message from a user who is talking about script alert? Read about XSS, SQL injection, etc. for security.
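As an added example (not code from this thread or from Zend Framework itself), here is what the two controls the answer points at look like inside a ZF2 controller action: reject the value on input when it is not an e-mail address, and escape it for the context it is rendered in on output. It assumes ZF2 is installed through Composer so that Zend\Validator\EmailAddress and Zend\Escaper\Escaper autoload; the controller name, action name and view variables are hypothetical. Note also that `$this->getRequest()->getParam()` is the ZF1 request API; in ZF2 the query string is read through the `params()` controller plugin.

```php
<?php
// Added example, not from the original thread. Assumes ZF2 installed via Composer.
require 'vendor/autoload.php';

use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\ViewModel;
use Zend\Validator\EmailAddress;
use Zend\Escaper\Escaper;

// Hypothetical controller; the route that reaches pageAction() is assumed to exist.
class PageController extends AbstractActionController
{
    public function pageAction()
    {
        // 1. Read the raw query parameter the ZF2 way (Zend\Http\Request has no getParam()).
        $toEmail = $this->params()->fromQuery('to_email', '');

        // 2. Validate on input. The payload from the question
        //    (%00"><script>alert(109)</script>) is not a syntactically valid address,
        //    so it is rejected before it reaches the mail layer or any template.
        //    Returning 400 with a plain message is one reasonable choice; what the
        //    answer above warns against is silently dying or throwing a 500.
        $validator = new EmailAddress();
        if (!$validator->isValid($toEmail)) {
            $this->getResponse()->setStatusCode(400);
            return new ViewModel(['error' => 'Invalid recipient address']);
        }

        // 3. Escape on output. This is the control that actually prevents the
        //    reflected XSS: any user-supplied string that is echoed back into HTML
        //    is encoded for the exact context it lands in. Validation alone is not
        //    a substitute, because other fields may legitimately contain '<' or '"'.
        $escaper = new Escaper('utf-8');
        return new ViewModel([
            'toEmailHtml' => $escaper->escapeHtml($toEmail),      // between tags
            'toEmailAttr' => $escaper->escapeHtmlAttr($toEmail),  // inside value="..."
        ]);
    }
}
```

In a .phtml template the same escaping is available through the view helpers (`$this->escapeHtml($toEmail)`, `$this->escapeHtmlAttr($toEmail)`), so the controller can also pass the raw validated value and let the view encode it; the important property is that every reflection site uses the escaper matching its context (HTML body, attribute, JavaScript, CSS or URL) rather than a single generic strip-tags filter on input.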
