Low level
```php
<?php

// Is there any input?
if( array_key_exists( "name", $_GET ) && $_GET[ 'name' ] != NULL ) {
    // Feedback for end user
    echo '<pre>Hello ' . $_GET[ 'name' ] . '</pre>';
}

?>
```
Medium level
```php
<?php

// Is there any input?
if( array_key_exists( "name", $_GET ) && $_GET[ 'name' ] != NULL ) {
    // Get input
    // Blacklist, not output encoding: removes only the exact, case-sensitive string '<script>'
    $name = str_replace( '<script>', '', $_GET[ 'name' ] );

    // Feedback for end user
    echo "<pre>Hello {$name}</pre>";
}

?>
```
High level
```php
<?php

// Is there any input?
if( array_key_exists( "name", $_GET ) && $_GET[ 'name' ] != NULL ) {
    // Get input
    // Still a blacklist: case-insensitive pattern aimed at '<script', all other markup is left intact
    $name = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $_GET[ 'name' ] );

    // Feedback for end user
    echo "<pre>Hello {$name}</pre>";
}

?>
```
Impossible level
```php
<?php

// checkToken() and generateSessionToken() are defined elsewhere in the application.

// Is there any input?
if( array_key_exists( "name", $_GET ) && $_GET[ 'name' ] != NULL ) {
    // Check Anti-CSRF token
    checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );

    // Get input
    // Output encoding: HTML special characters are converted to entities, so the value renders as text
    $name = htmlspecialchars( $_GET[ 'name' ] );

    // Feedback for end user
    echo "<pre>Hello {$name}</pre>";
}

// Generate Anti-CSRF token
generateSessionToken();

?>
```
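The four levels side by side, as an added example that is not part of the original listings: each level's input handling is wrapped in a function and run over constructed, harmless inputs to show which approaches still reflect raw markup. The function names (`filter_low`, `filter_hardened`, `reflects_markup`, and so on) and the `filter_hardened` variant are assumptions introduced here for illustration.

```php
<?php
// Added example: the input handling of each level above as a pure function.
// All function names are hypothetical; only the filter expressions come from the listings.

function filter_low(string $name): string {
    return $name;                                        // echoed unchanged
}
function filter_medium(string $name): string {
    return str_replace('<script>', '', $name);           // exact-string blacklist
}
function filter_high(string $name): string {
    // preg_replace() returns null on a regex error; fall back to an empty string
    return preg_replace('/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $name) ?? '';
}
function filter_impossible(string $name): string {
    // Default flags differ by PHP version: ENT_COMPAT before 8.1 (single quotes
    // left as-is), ENT_QUOTES | ENT_SUBSTITUTE from 8.1 onward.
    return htmlspecialchars($name);
}
// Assumption: a variant with explicit flags and charset, so the result does not
// depend on the PHP version or on the default_charset ini setting.
function filter_hardened(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// True if a raw '<' survives into the string that would be echoed inside <pre>.
function reflects_markup(callable $filter, string $input): bool {
    return strpos($filter($input), '<') !== false;
}

// Constructed sample inputs: plain text and benign formatting tags only.
$samples = ['Alice', '<b>Alice</b>', "O'Brien & <i>Co</i>"];
$filters = [
    'low'        => 'filter_low',
    'medium'     => 'filter_medium',
    'high'       => 'filter_high',
    'impossible' => 'filter_impossible',
    'hardened'   => 'filter_hardened',
];

foreach ($filters as $level => $filter) {
    foreach ($samples as $input) {
        printf("%-10s in=%-22s reflected=%-3s out=%s\n",
            $level, $input,
            reflects_markup($filter, $input) ? 'yes' : 'no',
            $filter($input));
    }
}
```

Run it from the command line with `php`; the blacklist levels pass through any tag they do not name, while the encoding-based levels turn every `<` into an entity.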