This module takes any form input on a Drupal site and removes NULL byte poisoning from it.
This module is for you if you:
- Want an added layer of security
- Don't use any NULL bytes on purpose (which you don't)
- Use any form of PHP built-in authentication such as LDAP
How to test:
- Use null byte poisoning on a vulnerable website, e.g.: with Tamper Data for Firefox
- Install this module
- Try again and fail to hack the website through NULL byte poisoning
Important note
This module only filters $form_state['values'] as it is the most common and effective attack vector for NULL byte poisoning. If, for some reason, you save data to or use data from other parts of the $form_state, it is not protected.
Project information
Minimally maintained
Maintainers monitor issues, but fast responses are not guaranteed.- Maintenance fixes only
Considered feature-complete by its maintainers. - Project categories: Security
- Created by kristiaanvandeneynde on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
