Skip to main content

Oh dear

By Harry Fuecks



Free JavaScript Book!

Write powerful, clean and maintainable JavaScript.

RRP $11.95

Google Code Search for Security Vulnerabilities

Here’s my attempt – hunting for $_GET / $_POST / $_COOKIE placed at the start of on and include / require / include_once / require_once – potentially a path to include remote files. (Un)?fortunately seems to break the search interface right now – although more results are reported, you can’t seem to get beyond page 2 right now.

lang:php (include|require)(_once)?s*['"(]?s*$_(GET|POST|COOKIE)

So what’s the opposite of “security by obscurity” – because this seems to be it – Koders at least kept their search syntax weak.

Harry Fuecks is the Engineering Project Lead at Tamedia and formerly the Head of Engineering at Squirro. He is a data-driven facilitator, leader, coach and specializes in line management, hiring software engineers, analytics, mobile, and marketing. Harry also enjoys writing and you can read his articles on SitePoint and Medium.

New books out now!

Give yourself more options and write higher quality CSS with CSS Optimization Basics.