Category Archives: PHP

Cross-site scripting in millions of web sites

In August 2014 I found a severe cross-site scripting security vulnerability in the latest version (1.13.0) of the ‘jQuery Validation Plugin’ during a security penetration test for a customer. This jQuery plugin, which adds easy form validation functionality to a web site, is … Continue reading

Posted in cross site scripting, Google, PHP, responsible disclosure | 62 Comments

“Implications of storing application configuration in PHP constants?”

Below is the answer I wrote for someone who asked me the following question: “Is it wise to store the application configuration in constants, instead of in an array?” The advantage of storing values in … Continue reading

Posted in PHP, PHP security | Comments Off on “Implications of storing application configuration in PHP constants?”

Setting cookies in PHP

My experience with setting cookies with PHP, a must read for every developer that uses Windows XP and doesn’t want to spend his time debugging cookies. If you’re using Windows XP with Internet Explorer and have a local web server … Continue reading

Posted in bug, PHP | Comments Off on Setting cookies in PHP