From d39b4c8448d54bb31b1c9b311f4a86582b156cff Mon Sep 17 00:00:00 2001
From: Jamie York <ziadoz@gmail.com>
Date: Thu, 12 Jul 2012 13:04:00 -0600
Subject: [PATCH] Moved null byte security information into data filtering.

---
 _posts/07-04-01-Data-Filtering.md |  4 +++-
 _posts/07-05-01-Null-Bytes.md     | 18 ------------------
 2 files changed, 3 insertions(+), 19 deletions(-)
 delete mode 100644 _posts/07-05-01-Null-Bytes.md

diff --git a/_posts/07-04-01-Data-Filtering.md b/_posts/07-04-01-Data-Filtering.md
index 524c655..d3ebe41 100644
--- a/_posts/07-04-01-Data-Filtering.md
+++ b/_posts/07-04-01-Data-Filtering.md
@@ -27,12 +27,13 @@ Another example is passing options to be executed on the command line. This can
 command's arguments.
 
 One last example is accepting foreign input to determine a file to load from the filesystem. This can be exploited by
-changing the filename to a file path. You need to remove "/", "../", or other characters from the file path so it can't
+changing the filename to a file path. You need to remove "/", "../", [null bytes][6], or other characters from the file path so it can't
 load hidden, non-public, or sensitive files.
 
 * [Learn about data filtering][1]
 * [Learn about `filter_var`][4]
 * [Learn about `filter_input`][5]
+* [Learn about handling null bytes][6]
 
 ### Sanitization
 
@@ -61,4 +62,5 @@ email address, a phone number, or age when processing a registration submission.
 [3]: http://www.php.net/manual/en/filter.filters.validate.php
 [4]: http://php.net/manual/en/function.filter-var.php
 [5]: http://www.php.net/manual/en/function.filter-input.php
+[6]: http://php.net/manual/en/security.filesystem.nullbytes.php
 [html-purifier]: http://htmlpurifier.org/
diff --git a/_posts/07-05-01-Null-Bytes.md b/_posts/07-05-01-Null-Bytes.md
deleted file mode 100644
index a88f8a1..0000000
--- a/_posts/07-05-01-Null-Bytes.md
+++ /dev/null
@@ -1,18 +0,0 @@
----
-isChild: true
----
-
-## Null Bytes
-
-A null byte `\0` denotes the end of a string in [C](http://en.wikipedia.org/wiki/C_(programming_language)). As PHP uses C for all it's 
-filesystem related operations it means a filesystem path could be [null byte poisoned][2].
-
-To prevent this it is important to remove any null bytes from filesystem paths, _especially_ if they come from user input:
-
-	$filepath = str_replace(chr(0), '', $_FILE['tmp_name']);
-
-[See Null Byte Related Issues][1]
-[See Null Byte Poisoning][2]
-
-[1]: http://php.net/manual/en/security.filesystem.nullbytes.php
-[2]: http://www.madirish.net/?article=436
\ No newline at end of file