php/archived-doc-es
1
0
Fork 0
mirror of https://github.com/php/doc-es.git synced 2026-03-25 16:02:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb9e188a40407e387ff2c694728d1de416aa1bc4
archived-doc-es/reference/taint/book.xml
Pedro Antonio Gil Rodríguez 323cdafb59 Traducción 
git-svn-id: https://svn.php.net/repository/phpdoc/es/trunk@337960 c90b9560-bf6c-de11-be94-00142212c4b1
2015-10-06 14:16:10 +00:00

86 lines
2.1 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<!-- EN-Revision: 0d01b79df7de0bce3c9087517e1d6a7a7f219788 Maintainer: seros Status: ready -->
<!-- Reviewed: no -->
<book xml:id="book.taint" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Taint</title>
<titleabbrev>Taint</titleabbrev>
<preface xml:id="intro.taint">
&reftitle.intro;
<para>
Taint es una extensión que sirve para detectar código XSS (cadenas de caracteres
corrompidas, «tainted»).
También se puede utilizar para localizar vulnerabilidades a inyecciones SQL, inyecciones
«shell», etc.
</para>
<para>
Si taint está habilitada, advertirá de si se ha proporcionado una cadena corrompida
(que venga de $_GET, $_POST o $_COOKIE) a alguna función.
</para>
<example>
<title>Ejemplo de <function>taint</function></title>
<programlisting role="php">
<![CDATA[
<?php
$a = trim($_GET['a']);
$nombre_fichero = '/tmp' . $a;
$salida = "¡¡¡Bienvenido, {$a} !!!";
$var = "salida";
$sql = "Select * from " . $a;
$sql .= "ooxx";
echo $salida;
print $$var;
include($nombre_fichero);
mysql_query($sql);
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
Warning: main() [function.echo]: Attempt to echo a string that might be tainted
Warning: main() [function.echo]: Attempt to print a string that might be tainted
Warning: include() [function.include]: File path contains data that might be tainted
Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
]]>
</screen>
</example>
</preface>
&reference.taint.setup;
&reference.taint.detail;
&reference.taint.reference;
</book>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in New Issue View Git Blame Copy Permalink