Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This module takes any form input on a Drupal site and removes NULL byte poisoning from it.
This module is for you if you:
- Want an added layer of security
- Don't use any NULL bytes on purpose (which you don't)
- Use any form of PHP built-in authentication such as LDAP
How to test:
- Use null byte poisoning on a vulnerable website, e.g.: with Tamper Data for Firefox
- Install this module
- Try again and fail to hack the website through NULL byte poisoning
Important note
This module only filters $form_state['values'] as it is the most common and effective attack vector for NULL byte poisoning. If, for some reason, you save data to or use data from other parts of the $form_state, it is not protected.
Project information
- Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed. - Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Security
- Created by kristiaanvandeneynde on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.