From f59f236333e69f706b5bc61bf065985882cc0a17 Mon Sep 17 00:00:00 2001
From: Jamie York <ziadoz@gmail.com>
Date: Thu, 12 Jul 2012 12:32:51 -0600
Subject: [PATCH] Added security information about handling null bytes.

---
 _posts/07-05-01-Null-Bytes.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 _posts/07-05-01-Null-Bytes.md

diff --git a/_posts/07-05-01-Null-Bytes.md b/_posts/07-05-01-Null-Bytes.md
new file mode 100644
index 0000000..a88f8a1
--- /dev/null
+++ b/_posts/07-05-01-Null-Bytes.md
@@ -0,0 +1,18 @@
+---
+isChild: true
+---
+
+## Null Bytes
+
+A null byte `\0` denotes the end of a string in [C](http://en.wikipedia.org/wiki/C_(programming_language)). As PHP uses C for all it's 
+filesystem related operations it means a filesystem path could be [null byte poisoned][2].
+
+To prevent this it is important to remove any null bytes from filesystem paths, _especially_ if they come from user input:
+
+	$filepath = str_replace(chr(0), '', $_FILE['tmp_name']);
+
+[See Null Byte Related Issues][1]
+[See Null Byte Poisoning][2]
+
+[1]: http://php.net/manual/en/security.filesystem.nullbytes.php
+[2]: http://www.madirish.net/?article=436
\ No newline at end of file