I made a simple base64 decoder form that accepts input through a text box. I assume the input is base64 encoded. If this is not base64 input, and there returns a PHP error or garbage, I do not mind at the moment. However, from a security point of view, do I need to do any inspection or sanitation at this entrance?
The page is called error-decoder.php, and it submits to itself and does not interact with the database or anything else. That's all:
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <title></title> </head> <body> <div id="container" style="width: 80%; margin: 0 auto; font-family: sans-serif;"> <form name="error-decoder" action="error-decoder.php" method="post"> <textarea name="error-text-area" style="width: 100%; height: 400px;"> <?php if(!empty($_POST['error-text-area'])){ echo $_POST['error-text-area']; } ?> </textarea> <button type="submit" style="float: right;">Decode</button> </form> <?php if(!empty($_POST['error-text-area'])){ ?> <p>Output:</p> <hr> <div id="error-output"> <br /> <?php echo base64_decode($_POST['error-text-area']) . "</div>"; } ?> </div> </body> </html>
Is there anything that needs to be done to make it safe for both the user and my server? Are there important php.ini settings that I need to worry about that will affect your answer? I donβt care about mistakes or garbage, except how it can affect security. Thanks for any info on this!
source share