diff options
author | rajatsharma94 <rajat.shrma94@gmail.com> | 2015-07-20 19:19:56 +0200 |
---|---|---|
committer | rajatsharma94 <rajat.shrma94@gmail.com> | 2015-07-20 19:19:56 +0200 |
commit | 78e1b70e35b45455728e4126ed1b19d6332ad26b (patch) | |
tree | 082167986d5cfe0e42d13414c3db0ad603eb8495 /system/helpers/cookie_helper.php | |
parent | 08b9f20df1c108be5c1ab8b32c0fcbed31a079b3 (diff) |
Failed security check
The implemented security check to make sure the path is NOT a URL can easily be bypassed (gives false negative) for all subdomains.
Eg "subdomain.domain.com" should ideally show an error but it does not.
The new security check tries to make a fsockopen connection to validate whether the URL is external or not.
Diffstat (limited to 'system/helpers/cookie_helper.php')
0 files changed, 0 insertions, 0 deletions