Context Navigation

PEdit.inc.php

Timestamp:

Jun 24, 2006 11:02:54 PM (18 years ago)

Author:

scdev

Message:

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

File:

-                      r101
+                      r185
+        }
         ?>
         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" id="sc-pedit-form">
         <input type="hidden" name="filename" value="<?php echo $_SERVER['PHP_SELF']; ?>" />
+        <form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post" id="sc-pedit-form">
+        <input type="hidden" name="filename" value="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" />
         <input type="hidden" name="file_hash" value="<?php echo $this->_fileHash(); ?>" />
         <?php

Note: See TracChangeset for help on using the changeset viewer.