Error message

  • Deprecated function: Creation of dynamic property MergeQuery::$condition is deprecated in MergeQuery->__construct() (line 1357 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property MergeQuery::$condition is deprecated in MergeQuery->__construct() (line 1357 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property MergeQuery::$condition is deprecated in MergeQuery->__construct() (line 1357 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property SelectQuery::$alterTags is deprecated in SelectQuery->addTag() (line 978 of /home/onlinede/public_html/includes/database/select.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property SelectQuery::$alterTags is deprecated in SelectQuery->addTag() (line 978 of /home/onlinede/public_html/includes/database/select.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property SelectQuery::$alterTags is deprecated in SelectQuery->addTag() (line 978 of /home/onlinede/public_html/includes/database/select.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property SelectQuery::$alterTags is deprecated in SelectQuery->addTag() (line 978 of /home/onlinede/public_html/includes/database/select.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).
  • Deprecated function: Creation of dynamic property DatabaseCondition::$stringVersion is deprecated in DatabaseCondition->compile() (line 1887 of /home/onlinede/public_html/includes/database/query.inc).

Security in website

<IfModule mod_headers.c> 
 Header set X-XSS-Protection "1; mode=block"
 Header always set X-Frame-Options "sameorigin"
 Header set X-Content-Type-Options "nosniff"
 #Header set Content-Security-Policy "default-src 'self'; script-src 'nonce-%{UNIQUE_ID}e' 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self';"
</IfModule>

<FilesMatch ".(zip)$">
Order Allow,Deny
Deny from all
</FilesMatch>

----------------------------------------------------

Implement nonce in header:

header('Content-Security-Policy: default-src \'self\'; script-src \'nonce-'.$user->nonce_str.'\' \'self\'; style-src \'self\' \'unsafe-inline\'; object-src \'none\'; base-uri \'self\';');

 <script src="js/bootstrap.js" nonce="<?php echo $user->nonce_str; ?>"></script>

------------------------------------------------------

noopener noreferrer in a link: 

<div> <a href="#" target="_blank" rel="noopener noreferrer">linking status</a></div>

--------------------------

Authentication Bypass Using HTTP Verb Tampering:

HTTP Verb Tampering is an attack that exploits vulnerabilities in HTTP verb (also known as HTTP method) authentication and access control mechanisms.

Hypertext transfer protocol (HTTP) gives you list of methods that can be used to perform actions on the web server.

Following are some of the methods:

  • HEAD
  • GET
  • POST
  • PUT
  • DELETE
  • TRACE
  • OPTIONS
  • CONNECT

In HTTP methods, GET and POST (and sometimes PUT) are most commonly used by developers to access information provided by a web server. 

 

The simplest form of HTTP Verb manipulation:
+ Changing GET to POST
+ Change POST to GET
+ etc.