Gareth Heyes' Blog: PHP self return of the slash

Courtesy PHPDeveloper.org  Fri, 09/25/2009 - 09:31

In this new post to his blog, Gareth Heyes points out a legacy issue that those running older PHP4-based code might want to look into:

I thought about something I found ages ago in PHP4 and it's been long enough now.

This is also quite funny because my server is vulnerable to this. So what happens if you escape PHP_SELF with htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES)?

Safe from XSS? I hope so. Safe from everything? Well not really or at...


 
