Thursday, 5 April 2007
Security Issues with Most preg_match() Filters
Stefan Esser takes up the problem of flawed preg_match() filters in a post on his blog and explains how to rectify it. While performing some audits he came across preg_match() filters that were not correct. He points out that most PHP developers use ^ and $ within their regular expressions without reading the documentation about what they really achieve.
He gives an example with a simple input filter. The problem, he says, is that the author of such a regular expression has not read the documentation and mistakes the $ character for the definitive end of the subject. As documented in the PHP manual, however, $ matches either at the end of the subject or, short of the real end, just before a single '\n' line break that ends it.
He also cautions that a newline character can be dangerous in several circumstances, for instance when you want to stop HTTP Response Splitting or e-mail injection attacks.
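The behaviour described above, as an added PHP example (not the code from Esser's post; the function names, the character class and the sample values are constructed for illustration): the same whitelist filter written with a plain `$`, with the `D` modifier, and with `\z`, run over inputs that differ only in where a newline sits.

```php
<?php
// Added illustration: function names and sample inputs are constructed.

// Weak filter: `$` matches at the end of the subject OR just before a
// single "\n" that ends it, so one trailing newline passes validation.
function is_valid_weak(string $s): bool
{
    return preg_match('/^[a-z0-9]+$/', $s) === 1;
}

// Hardened with the D modifier (PCRE_DOLLAR_ENDONLY): `$` now matches
// only at the very end of the subject. Note that D is ignored if the
// m (multiline) modifier is also set.
function is_valid_dollar_endonly(string $s): bool
{
    return preg_match('/^[a-z0-9]+$/D', $s) === 1;
}

// Hardened with \z: always the absolute end of the subject,
// independent of any modifiers.
function is_valid_z(string $s): bool
{
    return preg_match('/^[a-z0-9]+\z/', $s) === 1;
}

// Constructed sample inputs covering the edge the post is about.
$samples = [
    'clean value'           => "user42",
    'one trailing newline'  => "user42\n",
    'two trailing newlines' => "user42\n\n",
    'newline in the middle' => "user42\nx",
];

foreach ($samples as $label => $value) {
    printf(
        "%-22s weak=%-5s D=%-5s z=%-5s\n",
        $label,
        var_export(is_valid_weak($value), true),
        var_export(is_valid_dollar_endonly($value), true),
        var_export(is_valid_z($value), true)
    );
}
```

Only the single-trailing-newline input separates the three filters, which is why this flaw is easy to miss in testing with ordinary values.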