I wonder if I have a vulnerability with respect to the code below in the fwrite file?
foreach ($_POST as $key => $val) {
    fwrite($fh, "\nPOST variable named " . $key . " has the value " . $val);
}
Should I somehow sanitize the values before they are written to the log file?
UPDATE: fh is the log file handler
There is no vulnerability if the log file is processed by its consumers as plain text (which should always be the case).
HTML-, (, , ). "" , HTML htmlspecialchars, , .
, $fh. $fh HTML, . , - .
htmlspecialchars(..) HTML.
UPDATE
, :
text/html
XSS (Cross-Site Scripting) ( HTML, ). , - .
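An added example (not code from the original post or its answers) of the distinction drawn above: the log is written unchanged as plain text, and htmlspecialchars is applied only at the point where the log is rendered inside a text/html page. The function names, the in-memory stream and the sample input are assumptions made for illustration.

```php
<?php
// Added example: log_post_fields() and render_log_as_html() are hypothetical names.

// Write POST fields to the log as plain text, exactly as received.
function log_post_fields($fh, array $post): void
{
    foreach ($post as $key => $val) {
        // $_POST values can be arrays (e.g. name="tags[]"); encode them
        // instead of letting PHP log the literal string "Array".
        if (is_array($val)) {
            $val = json_encode($val);
        }
        fwrite($fh, "\nPOST variable named " . $key . " has the value " . $val);
    }
}

// Escape at output time, and only when the log is shown inside an HTML page.
function render_log_as_html(string $logText): string
{
    return '<pre>'
        . htmlspecialchars($logText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</pre>';
}

// Constructed sample input standing in for $_POST.
$samplePost = [
    'name'    => 'alice',
    'comment' => '<script>alert(1)</script>',
    'tags'    => ['a', 'b'],
];

// In-memory stream standing in for the real log file handle.
$fh = fopen('php://memory', 'w+');
log_post_fields($fh, $samplePost);
rewind($fh);
$logText = stream_get_contents($fh);
fclose($fh);

// Plain-text consumer (tail, grep, editor): the markup is inert data.
echo $logText, "\n\n";

// HTML consumer (a text/html log viewer): same bytes, escaped so the
// browser displays the tags as text instead of interpreting them.
echo render_log_as_html($logText), "\n";
```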