My data in a box

Warning. This post is too geeky for words.

The inspiration,


12:36:44 PM ed: I wrote a twitter client
12:36:51 PM me: Yes, I noticed
12:36:55 PM ed: that’s how I roll.
12:36:58 PM me: also changed some phpsecurity update thing
12:37:04 PM me: white and nerdy baby
12:37:31 PM ed: php security is for the squares, dude
12:37:50 PM ed: I roll with my globals registered and all that shit.
12:39:20 PM me: fuck that bitch, I say all ports open
12:40:09 PM ed: I ain’t afraid of yo buffer overflow!
12:42:16 PM me: Stick your buffer overflow in a box!

Which inspired me to rewrite this song in honor of Ilia’s new filter extension and all the hard work the PHP team is putting into security fixes with the latest releases.

the song,

My data in a box

You give me your data
You give me your DDoS
You need it back pro rata
and you tell me what to toss

So I feel you deserve
the data throughput
take a look at my extension
and open filter_input()

I put my $_GET in a box for you
I put my $_POST in a box for you
I put my $_COOKIE in a box for you

I put my $_SERV’R in a box for you
I put my $_ENV in a box for you
I put my $_SESS’N in a box for you

There’s a global war on terror
but my globals never die
And phpBB might get you hacked
but my GETs are certified

You might like heaps protected
But, my buffers are so too
MySpace showed the world a worm
But my input is just for you

I put my $_GET in a box for you
(safeeeeee_moooooddddeeee)
I put my $_POST in a box for you
I put my $_COOKIE in a box for you

I put my $_SERV’R in a box for you
(It won’t treat_data)
I put my $_ENV in a box for you
(But it might pass secinfo)
I put my $_SESS’N in a box for you

You put your junk in a box
So there is one thing I could do
I’m putting finishing touches
on my data in a box for youuuuuu

I put my $_GET in a box for you
I put my $_POST in a box for you
I put my $_COOKIE in a box for you

One. Compile 5.2
Two. Choose a filter
Three. Set the filter.default
Four. Read the superglobal
Five. Admire your data

Forgery. (My data in a box)
Fixation. (My data in a box)
Injection. (My "> <script src="http://hacksh.it/data_box.js"> </script>)
Ajax. (My data in a box)

I put my $_SERV’R in a box for you
I put my $_ENV in a box for you
I put my $_SESS’N in a box for you

and the post

2:06:01 PM ed: your messages are too big for gaim’s small birth canal.
2:06:19 PM me: fuck

2:08:46 PM me: You like?
2:08:55 PM ed: omg, that is pure balls, man.
2:08:59 PM ed: post that shit
2:09:16 PM me: Okay, give me a moment

2:26:19 PM ed: this is a proud day for all Americans
2:26:29 PM me: share with all the other PHP security folx
2:26:32 PM ed: word
2:27:46 PM me: I added some didactic hyperlinks
2:27:51 PM ed: that’s useful
2:28:09 PM me: Doing my part to stop internet terrorism… or start it
2:28:28 PM me: Or to use my php meetup profile…
2:30:24 PM me: “When Zend puts your photo on a deck of cards, you’ve either arrived in the PHP world or you’re a terrorist. I’m a PHP terrorist. :-)”
2:31:00 PM ed: I like that 8D
2:31:21 PM me: I try to earn my title of “bat boy” in the “PHP All-Star Lineup”
2:31:26 PM ed: hahah
2:31:29 PM ed: word up
2:31:32 PM ed: bush league.
2:35:40 PM me: The nice thing about PHP is the more it changes the more it remains the same.
2:35:42 PM me: Same bugs.
2:35:44 PM me: Same issues.
2:35:47 PM me: Different jokes.

Thanks to the PHP Group and all the developers out there for making such a fun product.

4 thoughts on “My data in a box”

  1. Still just as fucking geeky almost 3 years later. Enjoyed wasting my time reading it while researching so I could finally use php filters in my gaping code. Been dodging bullets for years somehow. Anyway, careful or you'll make being a programmer seem creative and cool. We can't have that now, can we?
