Changeset 185 for tags/2.0.2/bin/module_maker/skel/adm_list.ihtml

Timestamp:

Jun 24, 2006 11:02:54 PM (18 years ago)

Author:

scdev

Message:

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: ​http://blog.phpdoc.info/archives/13-XSS-Woes.html

File:

• tags/2.0.2/bin/module_maker/skel/adm_list.ihtml (modified) (2 diffs)

tags/2.0.2/bin/module_maker/skel/adm_list.ihtml

@@ -3 +3 @@
 
 <div id="commandbox">
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
+<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get">
 <?php App::printHiddenSession(false); ?>
     <span class="nowrap commandtext"><a href="<?php echo App::oHREF($_SERVER['PHP_SELF'] . '?op=add'); ?>"><?php echo _("Add %ITEM_TITLE%"); ?></a></span>
@@ -16 +16 @@
 </div>
 
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
+<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
 <?php App::printHiddenSession(); ?>
 <?php include 'list_info.ihtml'; ?>