[FX.php List] Very strange - solved

Mark Lindal mlindal at nrcan.gc.ca
Thu Feb 28 08:38:17 MST 2008


I solved it.
We had implemented a validation on all $_REQUEST values to ensure no malicious code was being entered into searches, or the database.

The code is:

  $searchdata = array();   // cleaned search parameters
  $requesterror = 0;       // set when any value fails validation
  foreach ($_REQUEST as $key => $value) {
      $value = stripslashes($value);
      // validateGenericField() (defined elsewhere in our code) returns false
      // when the data is clean and non-false when it is unacceptable
      if (validateGenericField($value) == false) {
          $searchdata[strtolower($key)] = $value;
      } else {
          $requesterror = 1;
          break;
      }
  }

What is happening is that Google, via the Google Toolbar (in this case built into Safari and Firefox), was placing a cookie on my machine called [__utma] and then saving a key like 246836955.530511967.1178128145.1178128145.1178128145.1. Since our function validateGenericField() finds that to be unacceptable data (not a real number and too long), it reports it as an error, which killed the search.

I am passing on the warning about these utma, utmb, utmz cookies as they are not malicious, but in this case added an extra headache to our programming.  I patched the above code to allow these types of cookies to pass our validation check.

Amazing that a third party could place a cookie on my machine related to my website without my permission.

> I have a weird situation:
> We have just implemented a complex validation system for data on  
> our FX.php Bookstore.
>
> When a person tries to search on data, it checks and validates  
> their input so that we have no malicious code.
> In testing we had no problems.
> Now the Bookstore is back online and live and we have two  
> occurrences where people have reported errors showing up.
>
> 1. On my personal Safari.  Click on Search and enter any data and  
> it errors out and returns me to the search page
> 2. On a PC version of Firefox.  Same thing.
>
> Now the weird part.
> If I go to my clean account, or my home computer and use Safari, no  
> problems.  If we use IE, Netscape or Firefox, we have had no  
> problems reported.
>
> So it is just these two accounts that are finding errors in the search
> and validator code.
>
> Any ideas as to what to narrow my search on?
>
> The website is live at:
> http://bookstore.cfs.nrcan.gc.ca/home_e.php
>
> The two reports are clicking the "more" under popular picks (should  
> display a list of 15 or so publications) and on the search page.
>
> ------------------
> Mark Lindal
> mlindal at nrcan.gc.ca
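As an added example (not code from Mark's post or from FX.php), the script below contrasts the approach in the post, validating every key that arrives in $_REQUEST, with reading an allowlist of named form fields from $_GET and $_POST only. Because $_REQUEST merges GET, POST and COOKIE data, any cookie set on the site's domain, such as the Google Analytics __utma value quoted above, lands in the same loop as the user's search terms. The function names, the 40-character limit and the character rule are assumptions chosen for illustration; the list's own validateGenericField() is not reproduced.

```php
<?php
// Added example (not code from the original post or from FX.php). It shows
// the difference between validating everything in $_REQUEST, which merges
// GET, POST and COOKIE data, and validating an allowlist of form fields
// taken from $_GET/$_POST only, so third-party cookies are never examined.
// Function names, the 40-character limit and the character rule are
// assumptions for illustration; the list's own validateGenericField() is
// not reproduced here.

// Returns true when the value is NOT acceptable for a bookstore search
// (same polarity the post describes for validateGenericField()).
function isSuspiciousSearchValue($value, $maxLen = 40)
{
    if (!is_string($value)) {
        return true;                     // nested arrays are never expected
    }
    if (strlen($value) > $maxLen) {
        return true;                     // too long for a title/author term
    }
    // Letters, digits, whitespace and punctuation common in titles/authors.
    return preg_match('/^[\p{L}\p{N}\s.,\'\-:()&]*$/u', $value) !== 1;
}

// Old style: validate every key the request carries, whatever its source.
function validateAllRequestValues(array $request)
{
    $searchdata = array();
    foreach ($request as $key => $value) {
        if (isSuspiciousSearchValue($value)) {
            return array('ok' => false, 'rejected' => $key, 'data' => array());
        }
        $searchdata[strtolower($key)] = $value;
    }
    return array('ok' => true, 'rejected' => null, 'data' => $searchdata);
}

// Allowlist style: only named form fields are read, and only from GET/POST.
// The post's stripslashes() call is omitted: it only undoes magic_quotes_gpc,
// which later PHP versions removed.
function validateSearchFields(array $get, array $post, array $allowedFields)
{
    $input = array_merge($get, $post);   // cookies deliberately excluded
    $searchdata = array();
    foreach ($allowedFields as $field) {
        if (!isset($input[$field])) {
            continue;                    // optional field not submitted
        }
        $value = $input[$field];
        if (isSuspiciousSearchValue($value)) {
            return array('ok' => false, 'rejected' => $field, 'data' => array());
        }
        $searchdata[strtolower($field)] = $value;
    }
    return array('ok' => true, 'rejected' => null, 'data' => $searchdata);
}

// Constructed sample request: a normal search plus the analytics cookie
// value quoted in the post, which $_REQUEST would merge into the same array.
$get     = array('title' => "O'Reilly forest ecology", 'author' => 'Smith');
$post    = array();
$cookie  = array('__utma' => '246836955.530511967.1178128145.1178128145.1178128145.1');
$request = array_merge($get, $post, $cookie);   // what $_REQUEST looks like

$old = validateAllRequestValues($request);
$new = validateSearchFields($get, $post, array('title', 'author'));

printf("validate all of \$_REQUEST: ok=%d rejected=%s\n",
       $old['ok'], var_export($old['rejected'], true));
printf("validate allowlisted GET/POST fields: ok=%d fields=%s\n",
       $new['ok'], implode(',', array_keys($new['data'])));
```

Which superglobals feed $_REQUEST is governed by the variables_order (and, from PHP 5.3, request_order) ini settings; the default includes cookies, so a validator that loops over $_REQUEST will always see whatever cookies the browser sends, including ones the site never set. Reading named fields from the source the form actually uses keeps the validation rules tight without having to carve out exceptions for specific cookie names.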
