Friday, July 16, 2010

Weakness of CodeIgniter Input Library

CodeIgniter's Input library closes many security holes, but some gaps remain. The library defines a set of HTML keywords as "naughty" entries, but that list does not cover every keyword we need to be aware of.

There are still many keywords that pose a significant threat to a website, so we need to take care of those bad keywords ourselves. Let's discuss some of them.

The header tags h1, h2, h3, h4, h5 and h6 can have a significant impact when they pass through the Input library. If we submit only the opening tag and never close it, our page layout will be broken. Submit the following text with an h1 tag at the beginning and you will see the result in the browser.

it is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using 'Content here, content here', making it look like readable English. Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for 'lorem ipsum' will uncover many web sites still in their infancy. Various versions have evolved over the ye

Again, if we use the b or strong keywords, the result is the same.
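To make the problem concrete, here is an added example in plain PHP (not code from this post or from CodeIgniter) that reports which of the tags named above are left open in a submitted string, and shows that escaping at output time renders the markup inert. The helper names `unclosed_tags()` and `render_comment()` and the sample input are assumptions made for illustration.

```php
<?php
// Added example; unclosed_tags() and render_comment() are hypothetical
// helpers, not part of CodeIgniter.

// Tags named in the post: formatting tags that reach the page untouched.
const WATCHED_TAGS = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'b', 'strong'];

/**
 * Return the watched tags that are opened but never closed in $input,
 * in the order they were opened.
 */
function unclosed_tags(string $input): array
{
    $stack = [];
    // \b keeps "b" from matching <body> or <br>.
    $pattern = '#<(/?)(' . implode('|', WATCHED_TAGS) . ')\b[^>]*>#i';
    preg_match_all($pattern, $input, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        $tag = strtolower($m[2]);
        if ($m[1] === '') {
            $stack[] = $tag;                      // opening tag
            continue;
        }
        // Closing tag: remove the most recent matching opener, if any.
        $key = array_search($tag, array_reverse($stack, true), true);
        if ($key !== false) {
            unset($stack[$key]);
        }
    }
    return array_values($stack);
}

/**
 * Escape the text for HTML output so any tag, closed or not, is shown
 * as literal characters instead of being parsed by the browser.
 */
function render_comment(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input modelled on the test described in the post:
// an <h1> that is never closed, followed by a balanced <b> pair.
$sample = '<h1>It is a long established fact that a <b>reader</b> will be distracted';

print_r(unclosed_tags($sample));        // lists the tags still open
echo render_comment($sample), PHP_EOL;  // markup shown as text, layout intact
```

A check like `unclosed_tags()` is useful for rejecting or logging such input where some formatting is allowed; where no user markup is needed at all, escaping on output is enough by itself.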

See how to solve it here.