Changeset 185 for branches/1.1dev/lib


Timestamp:
Jun 24, 2006 11:02:54 PM (18 years ago)
Author:
scdev
Message:

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

File:
1 edited

  • branches/1.1dev/lib/PEdit.inc.php

    r1 r185  
    273273        }
    274274        ?>
    275         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
     275        <form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
    276276        <input type="hidden" name="filename" value="<?php echo $this->_filename; ?>" />
    277277        <input type="hidden" name="file_hash" value="<?php echo md5('frog_guts' . $this->_filename); ?>" />
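
Review bot: At line 276 the hidden `filename` field still echoes `$this->_filename` into a quoted attribute without escaping, so if that value can be influenced by the request it needs the same treatment the form action gets on line 275, e.g. `value="<?php echo oTxt($this->_filename); ?>"`. The body of oTxt() is not shown in this diff; since both outputs land inside double-quoted attributes, it is worth confirming that it escapes quote characters and not only angle brackets. Separately, line 277 derives `file_hash` as `md5('frog_guts' . $this->_filename)`, a hard-coded secret prefixed to the data under MD5; a keyed `hash_hmac()` with the key read from configuration would be a sturdier integrity check on the filename.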