FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Cleaning of Entered data / "Invalid Encoding Attack" [message #187500] Sat, 30 June 2018 16:10
alopezie (Germany)
I had a "specialist" who put characters in the posting and title tags, which resulted in some funny "vertical" text and strange letters ....
Someone was saying similar things can also happen in phpBB.

So it would be better to clean the entered data.
The user suggested using mb_check_encoding to prevent the so-called "Invalid Encoding Attack" (http://php.net/manual/de/function.mb-check-encoding.php).

Alopezie.de - the forum about hair loss
Re: Cleaning of Entered data / "Invalid Encoding Attack" [message #187501 is a reply to message #187500] Sun, 01 July 2018 03:25
naudefj (United States)
I've never seen an "Invalid Encoding Attack" and don't know how much of an issue it really is.
Can your specialist maybe help with a patch?
Aw: Re: Cleaning of Entered data / "Invalid Encoding Attack" [message #187502 is a reply to message #187501] Sun, 01 July 2018 03:32
alopezie (Germany)
You see here that the data entered in the message header ("Testtesta") even shows up in source code "vertically". In this case he added letters behind "Testtesta" resulting in this strange vertical line of letters.

Also see the nice German logo in the message box.


/forum/index.php?t=getfile&id=6696&private=0
/forum/index.php?t=getfile&id=6697&private=0

To prevent this, I guess it would just require adding the PHP function "mb_check_encoding" to any data entry ....

[Updated on: Sun, 01 July 2018 03:34]

Re: Aw: Re: Cleaning of Entered data / "Invalid Encoding Attack" [message #187503 is a reply to message #187502] Sun, 01 July 2018 04:00
naudefj (United States)
Annoying, but I guess not dangerous.
We can add it to check_post_form() in postcheck.int.t.
Can you assist with a patch?
Aw: Re: Aw: Re: Cleaning of Entered data / "Invalid Encoding Attack" [message #187504 is a reply to message #187503] Sun, 01 July 2018 04:11
alopezie (Germany)
Mmhmm, I am myself not really a coder, and looking at the examples, it's beyond my scope.
But I will send him the source code and ask him for help.
Aw: Re: Aw: Re: Cleaning of Entered data / "Invalid Encoding Attack" [message #187507 is a reply to message #187504] Mon, 02 July 2018 02:44
alopezie (Germany)
He gave me the following reply:

Quote:

Hello, I have checked this and would let that go!

Unfortunately, these are all valid special characters, which also occur in the UTF-8 character set.
The bad guys here are the ones here: Thai์๋lä์์๋n์๋der, who can make several ์๋๋์๋๋๋๋๋, but unfortunately there is no clear pattern here that could be used to filter.
Okay, this is not a security problem, so we may stay "as-is" for the moment - in case it becomes a flood we have to recheck
Re: Aw: Re: Aw: Re: Cleaning of Entered data / "Invalid Encoding Attack" [message #187508 is a reply to message #187507] Mon, 02 July 2018 02:47
naudefj (United States)
Sounds reasonable to me :)
Ban the buggers that post crap on your forum.
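
An added example, not part of the thread and not FUDforum code: the sketch below shows why mb_check_encoding() on its own accepts the stacked Thai marks quoted above (they are well-formed UTF-8) and pairs it with a cap on consecutive combining marks. check_text() and MAX_MARK_RUN are hypothetical names, the limit of 3 is an assumption, and all sample strings are constructed.

```php
<?php
// Added example. check_text() and MAX_MARK_RUN are hypothetical, not FUDforum APIs.
const MAX_MARK_RUN = 3; // assumed limit; tune for the languages the forum serves

function check_text(string $s): array
{
    // Step 1: reject byte sequences that are not well-formed UTF-8.
    // This is all that mb_check_encoding() can tell you.
    if (!mb_check_encoding($s, 'UTF-8')) {
        return ['ok' => false, 'reason' => 'invalid UTF-8'];
    }

    // Step 2: find the longest run of combining marks (Unicode category M).
    // Stacked marks are valid UTF-8, so only a run-length check sees them.
    $longest = 0;
    if (preg_match_all('/\p{M}+/u', $s, $m)) {
        foreach ($m[0] as $run) {
            $longest = max($longest, mb_strlen($run, 'UTF-8'));
        }
    }
    if ($longest > MAX_MARK_RUN) {
        return ['ok' => false, 'reason' => "combining-mark run of $longest"];
    }
    return ['ok' => true, 'reason' => ''];
}

// Constructed samples; U+0E4C and U+0E4B are the two marks seen in the thread.
$samples = [
    'plain ASCII'   => 'Testtesta',
    'ordinary Thai' => "\u{0E17}\u{0E35}\u{0E48}", // base + vowel + tone mark
    'stacked marks' => 'n' . str_repeat("\u{0E4C}\u{0E4B}", 6) . 'der',
    'broken bytes'  => "Test\xC3\x28",             // malformed two-byte sequence
];

foreach ($samples as $label => $text) {
    $r = check_text($text);
    printf("%-14s %-7s %s\n", $label, $r['ok'] ? 'accept' : 'reject', $r['reason']);
}
```

Some scripts legitimately stack several marks on one base character, so log what the run-length check would reject before enforcing it.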