<?php
// Intended behaviour: $authorized is set only when the user is authenticated.
if (authenticated_user())
{
    $authorized = true;
}

// $authorized was never initialised. With register_globals on, a request
// parameter of the same name defines it before this check runs, so the
// sensitive include is reachable without authenticating.
if ($authorized)
{
    include '/highly/sensitive/data.php';
}
?>
I've seen that so many times I have it memorized. Now, I don't program with register globals on, and there's really no reason to have it on, but seriously, show of hands. Who would ever write the above code? It's so obviously specious and yet nobody seems to notice. Assuming authenticated_user returns a boolean, everyone would write this:
$authorized = authenticated_user();
And magically, the problem is gone. Why would you ever have two branches that come back together with different variables released into the global namespace? That's just awful. Almost as bad as storing the user's username in a cookie and trusting it blindly, but obviously nobody would ever do that. I'm very worried about this field.
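To make the difference between the two versions concrete, here is an added example (mine, not code from the original post) that runs from the command line and emulates what register_globals did: every request parameter becomes a variable in scope, which extract() reproduces inside each function. The authenticated_user() stub, the guard on the ini setting, and the two constructed request arrays are all assumptions made for the demonstration.

```php
<?php
// Added example: emulate register_globals and compare the post's flawed
// access check with its one-line fix. Nothing here is the post's own code.

// Defensive guard for legacy interpreters: refuse to run with the option on.
// ini_get() returns false or '' on PHP 5.4+, where the option no longer exists.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    exit("register_globals is enabled; refusing to run\n");
}

// Stand-in for the post's authenticated_user(): here nobody is logged in.
function authenticated_user(): bool
{
    return false;
}

// The post's original check. extract() stands in for register_globals by
// turning each request key into a local variable before the check runs.
function flawed_check(array $request): bool
{
    extract($request);
    if (authenticated_user()) {
        $authorized = true;
    }
    // $authorized was never initialised, so whatever the request supplied
    // under that name is what gets tested here.
    return !empty($authorized);
}

// The post's fix: $authorized is always assigned from the real check, so a
// value injected into scope beforehand is simply overwritten.
function fixed_check(array $request): bool
{
    extract($request);
    $authorized = authenticated_user();
    return $authorized;
}

// Constructed requests: an ordinary one and one carrying a stray parameter
// named after the internal flag.
$requests = [
    'plain'    => [],
    'tampered' => ['authorized' => '1'],
];

foreach ($requests as $label => $request) {
    printf("%-8s flawed=%-7s fixed=%s\n",
        $label,
        flawed_check($request) ? 'granted' : 'denied',
        fixed_check($request) ? 'granted' : 'denied');
}
```

The flawed version grants access on the tampered request while nobody is authenticated; the fixed version denies both. The same lesson applies without register_globals: a variable that is only ever set on one branch and then read unconditionally is a flag whose default you do not control, so initialise it, or better, assign it directly from the check as the post suggests.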