From 1b9ebc967207ffe2855bc3b88c1f998926527640 Mon Sep 17 00:00:00 2001 From: Josh Lockhart Date: Tue, 19 Jun 2018 14:44:20 -0400 Subject: [PATCH] Update Security links with https --- _posts/10-02-01-Web-Application-Security.md | 2 +- _posts/10-03-01-Password-Hashing.md | 16 ++++++++-------- _posts/10-04-01-Data-Filtering.md | 14 +++++++------- _posts/10-06-01-Register-Globals.md | 2 +- _posts/10-07-01-Error-Reporting.md | 10 +++++----- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/_posts/10-02-01-Web-Application-Security.md b/_posts/10-02-01-Web-Application-Security.md index 662b3c7..ee9c7fb 100644 --- a/_posts/10-02-01-Web-Application-Security.md +++ b/_posts/10-02-01-Web-Application-Security.md @@ -15,4 +15,4 @@ methods to protect yourself against them. This is a must read for the security-c [1]: https://www.owasp.org/ [2]: https://www.owasp.org/index.php/Guide_Table_of_Contents -[3]: http://phpsecurity.readthedocs.org/en/latest/index.html +[3]: https://phpsecurity.readthedocs.io/en/latest/index.html diff --git a/_posts/10-03-01-Password-Hashing.md b/_posts/10-03-01-Password-Hashing.md index 6893f9c..5b12ba7 100644 --- a/_posts/10-03-01-Password-Hashing.md +++ b/_posts/10-03-01-Password-Hashing.md 
@@ -12,13 +12,13 @@ It is important that you properly [_hash_][3] passwords before storing them. Pas one-way function performed against the user's password. This produces a fixed-length string that cannot be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you cannot determine the original string. If passwords are not hashed and your database is accessed by an -unauthorized third-party, all user accounts are now compromised. +unauthorized third-party, all user accounts are now compromised. Passwords should also be individually [_salted_][5] by adding a random string to each password before hashing. This prevents dictionary attacks and the use of "rainbow tables" (a reverse list of crytographic hashes for common passwords.) -Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor. +Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor. -Fortunately, nowadays PHP makes this easy. +Fortunately, nowadays PHP makes this easy. **Hashing passwords with `password_hash`** @@ -40,9 +40,9 @@ if (password_verify('bad-password', $passwordHash)) { } else { // Wrong password } -{% endhighlight %} +{% endhighlight %} -`password_hash()` takes care of password salting for you. The salt is stored, along with the algorithm and "cost", as part of the hash. `password_verify()` extracts this to determine how to check the password, so you don't need a separate database field to store your salts. +`password_hash()` takes care of password salting for you. The salt is stored, along with the algorithm and "cost", as part of the hash. `password_verify()` extracts this to determine how to check the password, so you don't need a separate database field to store your salts. * [Learn about `password_hash()`] [1] * [`password_compat` for PHP >= 5.3.7 && < 5.5] [2] 
@@ -51,8 +51,8 @@ if (password_verify('bad-password', $passwordHash)) { * [PHP `password_hash()` RFC] [4] -[1]: http://php.net/function.password-hash +[1]: https://secure.php.net/function.password-hash [2]: https://github.com/ircmaxell/password_compat -[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function +[3]: https://wikipedia.org/wiki/Cryptographic_hash_function [4]: https://wiki.php.net/rfc/password_hash -[5]: https://en.wikipedia.org/wiki/Salt_(cryptography) +[5]: https://wikipedia.org/wiki/Salt_(cryptography) diff --git a/_posts/10-04-01-Data-Filtering.md b/_posts/10-04-01-Data-Filtering.md index a1b3e17..3a5ba75 100644 --- a/_posts/10-04-01-Data-Filtering.md +++ b/_posts/10-04-01-Data-Filtering.md @@ -62,11 +62,11 @@ phone number, or age when processing a registration submission. [See Validation Filters][3] -[1]: http://php.net/book.filter -[2]: http://php.net/filter.filters.sanitize -[3]: http://php.net/filter.filters.validate -[4]: http://php.net/function.filter-var -[5]: http://php.net/function.filter-input -[6]: http://php.net/security.filesystem.nullbytes +[1]: https://secure.php.net/book.filter +[2]: https://secure.php.net/filter.filters.sanitize +[3]: https://secure.php.net/filter.filters.validate +[4]: https://secure.php.net/function.filter-var +[5]: https://secure.php.net/function.filter-input +[6]: https://secure.php.net/security.filesystem.nullbytes [html-purifier]: http://htmlpurifier.org/ -[unserialize]: https://secure.php.net/manual/en/function.unserialize.php +[unserialize]: https://secure.php.net/manual/function.unserialize.php diff --git a/_posts/10-06-01-Register-Globals.md b/_posts/10-06-01-Register-Globals.md index 79127d1..3b4183d 100644 --- a/_posts/10-06-01-Register-Globals.md +++ b/_posts/10-06-01-Register-Globals.md 
@@ -15,4 +15,4 @@ issues as your application cannot effectively tell where the data is coming from For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared. If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__. -* [Register_globals in the PHP manual](http://php.net/security.globals) +* [Register_globals in the PHP manual](https://secure.php.net/security.globals) diff --git a/_posts/10-07-01-Error-Reporting.md b/_posts/10-07-01-Error-Reporting.md index 809f018..77cf18f 100644 --- a/_posts/10-07-01-Error-Reporting.md +++ b/_posts/10-07-01-Error-Reporting.md @@ -23,7 +23,7 @@ log_errors = On > Passing in the value `-1` will show every possible error, even when new levels and constants are added in future PHP > versions. The `E_ALL` constant also behaves this way as of PHP 5.4. - -> [php.net](http://php.net/function.error-reporting) +> [php.net](https://secure.php.net/function.error-reporting) The `E_STRICT` error level constant was introduced in 5.3.0 and is not part of `E_ALL`, however it became part of `E_ALL` in 5.4.0. What does this mean? In terms of reporting every possible error in version 5.3 it means you must 
@@ -49,7 +49,7 @@ log_errors = On With these settings in production, errors will still be logged to the error logs for the web server, but will not be shown to the user. For more information on these settings, see the PHP manual: -* [error_reporting](http://php.net/errorfunc.configuration#ini.error-reporting) -* [display_errors](http://php.net/errorfunc.configuration#ini.display-errors) -* [display_startup_errors](http://php.net/errorfunc.configuration#ini.display-startup-errors) -* [log_errors](http://php.net/errorfunc.configuration#ini.log-errors) +* [error_reporting](https://secure.php.net/errorfunc.configuration#ini.error-reporting) +* [display_errors](https://secure.php.net/errorfunc.configuration#ini.display-errors) +* [display_startup_errors](https://secure.php.net/errorfunc.configuration#ini.display-startup-errors) +* [log_errors](https://secure.php.net/errorfunc.configuration#ini.log-errors)
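Review bot: in the Web-Application-Security hunk, the `[3]` change swaps the host as well as the scheme (phpsecurity.readthedocs.org to phpsecurity.readthedocs.io), which goes beyond what the subject line "Update Security links with https" describes. It is the right target, since Read the Docs moved project documentation to the readthedocs.io domain, but a mention in the commit message would stop a reviewer reading the host change as a typo.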
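Review bot: in the Password-Hashing hunk starting at `@@ -12,13 +12,13 @@`, every removed/added pair is textually identical, so the change is trailing-whitespace cleanup unrelated to the link update in the subject; either drop it from this commit or say so in the message. While in this paragraph, the unchanged context line still reads "crytographic hashes" (should be "cryptographic"), which could be corrected in the same pass.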
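Review bot: the Password-Hashing hunk starting at `@@ -40,9 +40,9 @@` is likewise whitespace-only: the `{% endhighlight %}` line and the `password_hash()` paragraph are identical before and after. Trailing whitespace after a Liquid tag is harmless to Jekyll, so this is cosmetic and belongs either in the commit message or in its own commit so the https change stays reviewable on its own.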
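Review bot: in the Password-Hashing hunk starting at `@@ -51,8 +51,8 @@`, `[3]` and `[5]` drop the `en.` subdomain (en.wikipedia.org to wikipedia.org) in addition to changing the scheme, and `[5]` was already https, so for that line this is purely a host change. wikipedia.org/wiki/... only reaches the article through a redirect to the language subdomain; suggest keeping the direct targets `https://en.wikipedia.org/wiki/Cryptographic_hash_function` and `https://en.wikipedia.org/wiki/Salt_(cryptography)`.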
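Review bot: in the Data-Filtering hunk, `[html-purifier]` is left at `http://htmlpurifier.org/` while every other link in the list moves to https; if that site serves TLS it should be updated for consistency, and if it does not, a note in the commit would explain the exception. The `[unserialize]` change removes the `/en/` language segment from the manual path rather than touching the scheme (it was already https); php.net appears to language-negotiate the language-less `/manual/` path, so this changes behaviour for non-English readers and is worth calling out or reverting.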