Robert Villareal
14,566 Points
Further explanation on Email Header Injection Exploit
Could someone explain this code further:
```php
foreach ($_POST as $value) {
    // stripos() is case-insensitive. It returns FALSE when the needle is absent
    // and an integer offset (which may be 0) when it is present, hence !== FALSE.
    if (stripos($value, 'Content-Type') !== FALSE) {
        echo "There was a problem with the information you entered.";
        exit;
    }
}
```
I don't understand which part of the code checks for vulnerabilities. It wasn't really explained on the video, or maybe I missed it entirely.
1 Answer
Jason Anello
Courses Plus Student 94,610 Points
Hi Robert,
I don't think it was explained in the video but a link was given in the video so you could read more about it.
http://nyphp.org/phundamentals/8_Preventing-Email-Header-Injection
You can read more about stripos() here: http://php.net/manual/en/function.stripos.php
This code is looping through each of the values in the post array and then checking if the string 'Content-Type' appears in any of the values. FALSE will be returned if not found and the if block will be skipped. If that string is found then an index will be returned and the condition will be TRUE so the if block will be executed.
If you take a look at that article you will see 2 snippets of code given in the section titled "Are My Scripts Vulnerable?"
If you look through both snippets you'll find a 400+ character string which contains the string "Content-Type" somewhere in it.
Portion of snippet 2:
```
["password"]=>
string(438) "rfljy@example.com
Content-Type: multipart/mixed; boundary=\"===============1104808547==\"
MIME-Version: 1.0
Subject: da79e5ec
To: rfljy@example.com
bcc: Homeiragtime@aol.com
From: rfljy@example.com
This is a multi-part message in MIME format.
--===============1104808547==
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
twjgdcbd
--===============1104808547==--
"
```
The code that you have posted will find that and treat it as a header injection attack.
Let me know if this answers your question.
Robert Villareal
14,566 Points
Thank you Jason. That explained everything.
Ronny Rosabal
4,812 Points
That is a great explanation Jason. May I ask do you know why they used double negative? !==FALSE. Why not == TRUE? It took me a minute to realize that it meant not FALSE.
Jason Anello
Courses Plus Student 94,610 Points
Hi Ronny,
The stripos function will either return a boolean FALSE (if not found) or the index of where the string was found.
From the documentation that I linked to in my answer there's a warning when testing the return values:
It recommends that you use the identical operator === or the not identical operator !== as in this example. This is because the function might return 0, which can be converted to a boolean false if you only use == or !=.
In order to be able to tell the difference between whether the function returned a zero (because it was found at the beginning) or a boolean FALSE (because it wasn't found at all) you have to use the identical or not identical operators.
sammalayek
6,743 Points
So all this code does is look for the string "Content-Type:" in any of the user inputted fields. I'm surprised this actually works...