Food for thought... [PHP security]

Caporegime
Joined
18 Oct 2002
Posts
29,490
Location
Back in East London
Soldato
Joined
18 Oct 2002
Posts
4,888
nice :)

well you can still use it and in a lot of cases its needed, you've just got to remember to wrap it in htmlentities to cover your arse.
 
Man of Honour
Joined
31 Jan 2004
Posts
16,335
Location
Plymouth
Soldato
Joined
10 Sep 2003
Posts
4,942
Location
Midlands
much of the $_SERVER superglobal can be spoofed anyway so one more wont hurt.

it's just the a case of looping through the $_SERVER superglobal and running each entry through urldecode() and then htmlentities().
 
Caporegime
OP
Joined
18 Oct 2002
Posts
29,490
Location
Back in East London
This is a 'flaw' with PHP, thus it is a problem across all platforms and webservers.

jonno - using urldecode on input is a very touchy subject, as pointed out in one of the comments on the Reserved Variables page on php.net :)
 
Back
Top Bottom