3.3 Injection Defenses (File System, Mail)
In this lesson, I’ll demonstrate email injection defenses and cover regexes and PHP’s built-in filtering and validation functions. I’ll also discuss some downsides of these defenses and demonstrate how to build an email checker. I’ll then demonstrate file-based injection defenses using PHP’s finfo class, MIME-type checking, and EXIF metadata stripping. We’ll look at the strategy of whitelisting file types and contrast it with a blacklist approach to defense.
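As an added example that is not the course’s own code, the following PHP 8 snippet shows how those pieces fit together: an email checker that pairs `filter_var()` with an explicit CR/LF check so a submitted address cannot smuggle extra mail headers into `mail()`, and an upload handler that whitelists images by the MIME type sniffed with `finfo`, ignores the client-supplied filename, and strips EXIF metadata by re-encoding the pixels through GD. It assumes the `fileinfo` and `gd` extensions are enabled; the form field name `avatar` and the directory `/var/www/uploads` are placeholders.

```php
<?php
declare(strict_types=1);

// Email checker: reject header-injection characters first, then apply PHP's
// built-in syntax validator. FILTER_VALIDATE_EMAIL also rejects CR/LF, but an
// explicit check documents the threat we care about and does not depend on
// the filter's internals.
function isSafeEmail(string $email): bool
{
    if (preg_match('/[\r\n\0]/', $email) === 1) {
        return false;
    }
    // Syntax check only: this does not prove the mailbox exists.
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Same rule for any free-text value that ends up in a mail header (subject,
// display name): no line breaks, no NUL bytes.
function isSafeHeaderValue(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Whitelist: content-sniffed MIME type -> extension we store under.
// The client's filename and Content-Type are never consulted.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns the extension to store the file under, or null if the sniffed
// MIME type is not on the whitelist.
function allowedImageExtension(string $path): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if ($mime === false) {
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$mime] ?? null;
}

// Decode and re-encode through GD: only pixel data survives, so EXIF and any
// other embedded metadata (and anything hidden in it) are dropped. The stored
// name is random, so nothing from the upload's original filename reaches disk.
// Assumes the GD extension is available.
function storeStrippedImage(string $tmpPath, string $destDir): ?string
{
    $ext = allowedImageExtension($tmpPath);
    if ($ext === null) {
        return null; // not an allowed image type
    }
    $img = imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        return null; // MIME sniff said image, but the decoder disagrees
    }
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    imagedestroy($img);
    return $ok ? $dest : null;
}

// Usage with constructed inputs: one clean address, one carrying an injected
// Bcc header, and one subject line with an embedded line break.
var_dump(isSafeEmail('alice@example.com'));
var_dump(isSafeEmail("alice@example.com\r\nBcc: everyone@example.net"));
var_dump(isSafeHeaderValue("Hello\nBcc: everyone@example.net"));

// Upload path (placeholder field name and directory).
if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
    $stored = storeStrippedImage($_FILES['avatar']['tmp_name'], '/var/www/uploads');
    if ($stored === null) {
        http_response_code(400);
    }
}
```

Two caveats a practitioner should keep in mind: `finfo` sniffs magic bytes, so a polyglot file whose header looks like a JPEG still passes the whitelist, which is why the re-encode step (not the MIME check alone) is what actually neutralises embedded content; and the upload directory should sit outside the web root or be served with script execution disabled, because the whitelist controls what is stored, not how the web server treats it.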