Security Analysis of Escaping with the addslashes Function in PHP

  • 2021-07-24 10:24:27
  • OfStack

This article uses an example to analyze the security of escaping input with the addslashes function in PHP. It is shared here for your reference. The analysis is as follows:

Let's first look at the definition of addslashes_deep in ECShop:

function addslashes_deep($value) {
    if (empty($value)) {
        return $value;  // Empty input: return it unchanged
    } else {
        // Arrays: recurse into every element via array_map (values only, keys are untouched)
        // Scalars: escape with addslashes
        return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
    }
}

There is nothing wrong with the addslashes_deep function itself, but there is one point to pay attention to when using it.
Just today, I also saw someone posting on the Internet about an injection vulnerability (bug) involving the use of this function.
Because addslashes is applied as the callback, the function escapes only the values of the data. If the code then takes an array key and uses it in some specific processing, there is a risk of $key injection. In that case, either change addslashes_deep so that it escapes the keys as well, or make sure the key content is explicitly never used.
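The following is an added example, not code from ECShop or from the original article: it runs the function above on a nested array whose keys contain quotes, next to a variant that escapes keys as well as values. The names addslashes_deep_keys and all_keys and the sample array are assumptions constructed for illustration.

```php
<?php
// Helper as shown in the article: escapes values only.
function addslashes_deep($value) {
    if (empty($value)) {
        return $value;
    }
    return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
}

// Hypothetical variant (name is an assumption): escapes string keys and string values.
function addslashes_deep_keys($value) {
    if (!is_array($value)) {
        return is_string($value) ? addslashes($value) : $value;
    }
    $out = [];
    foreach ($value as $k => $v) {
        // Integer keys cannot carry quotes, so only string keys are escaped.
        $safeKey = is_string($k) ? addslashes($k) : $k;
        $out[$safeKey] = addslashes_deep_keys($v);
    }
    return $out;
}

// Illustration helper (assumption): collect the keys at every nesting level.
function all_keys(array $a) {
    $keys = [];
    foreach ($a as $k => $v) {
        $keys[] = $k;
        if (is_array($v)) {
            $keys = array_merge($keys, all_keys($v));
        }
    }
    return $keys;
}

// Constructed sample standing in for request data; quotes appear in keys and values.
$input = [
    "name"  => "O'Brien",
    "it'em" => ["sub'key" => "va'lue"],
];

// Values-only escaping: array_map preserves the keys exactly as supplied.
print_r(all_keys(addslashes_deep($input)));

// Key-aware escaping: the same keys now come back with their quotes escaped.
print_r(all_keys(addslashes_deep_keys($input)));
```

Comparing the two printed key lists shows which keys would reach later processing unescaped if that code used $key directly.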

I hope this article is helpful to everyone's PHP programming.

