| Subject: | base64_decode and base64_encode... |
| Summary: | Package rating comment |
| Messages: | 2 |
| Author: | Artur Graniszewski |
| Date: | 2010-09-02 13:31:28 |
| Update: | 2010-09-02 14:14:17 |
Artur Graniszewski rated this package as follows:
| Utility: | Insufficient |
| Consistency: | Good |
| Examples: | Sufficient |
 Artur Graniszewski - 2010-09-02 13:31:31
The base64_decode and base64_encode functions are one of the most useful mechanisms used to store binary data in databases or pass binaries through binary-unsafe protocols (like SOAP or REST). Your class treats these functions as potentially dangerous.
For me, you should scan files for "eval" (in conjunction with base64_decode and a long param), "iframe", or include/require(_once) pointing to remote files.
 Er. Rochak Chauhan - 2010-09-02 14:14:17 - In reply to message 1 from Artur Graniszewski
Hi Artur,
I agree with you... but you must have noticed I have provided an option to pass any function/keyword to be scanned.
Your point is well noted.
Thanks.
Rochak Chauhan
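The contextual checks suggested in message 1, sketched as an added example that is not part of either post or of the package's own code. The rule names, the 64-character threshold for a "long param", and both sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption: a base64 literal of 64+ characters counts as a "long param".
MIN_B64_LEN = 64

RULES = {
    # eval(...) wrapping base64_decode() of a long string literal
    "eval_base64": re.compile(
        r"\beval\s*\(.{0,200}?\bbase64_decode\s*\(\s*['\"][A-Za-z0-9+/=\s]{%d,}['\"]"
        % MIN_B64_LEN, re.I | re.S),
    # <iframe> markup embedded in the file
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    # include/require(_once) whose target is a remote URL
    "remote_include": re.compile(
        r"\b(?:include|require)(?:_once)?\b\s*\(?\s*['\"](?:https?|ftp)://", re.I),
}

def scan_source(source):
    """Return sorted (line_number, rule_name) findings for PHP source text."""
    findings = []
    for name, rx in RULES.items():
        for m in rx.finditer(source):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, name))
    return sorted(findings)

# Constructed sample: ordinary base64 use for storing binary data.
SAMPLE_BENIGN = (
    '<?php\n'
    '$row["avatar"] = base64_encode($binary);\n'
    '$binary = base64_decode($row["avatar"]);\n'
    'require_once "lib/db.php";\n'
)

# Constructed sample: the three patterns named in the post.
# The literal decodes to a harmless run of the letter "A".
SAMPLE_SUSPICIOUS = (
    '<?php\n'
    'eval(base64_decode("' + "QUFB" * 20 + '"));\n'
    'echo \'<iframe src="http://example.invalid/" width="0"></iframe>\';\n'
    'include("http://example.invalid/remote.txt");\n'
)

if __name__ == "__main__":
    for label, src in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(label, scan_source(src))
```

Plain base64_encode/base64_decode calls produce no finding here; only the combination with eval and a long literal does.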