XSS / Cross Site Scripting Attacks Fixed $_SERVER['PHP_SELF'] ? — PHP Programming Language

You are here: XSS / Cross Site Scripting Attacks Fixed $_SERVER['PHP_SELF'] ? « PHP Programming Language « IT news, forums, messages

Posted by Jim Carlock on 11/21/06 03:46

Are the XSS / Cross Site Scripting attacks fixed in Version 4.44?

I'm seeing that $_SERVER['PHP_SELF'] doesn't return the
$_SERVER['HTTP_QUERYSTRING'] appended to it.

I was just messing with a few things and noticed that PHP_SELF
returns only the page name now and without the $_GET query...

http://blog.phpdoc.info/archives/13-XSS-Woes.html

Any comments on this are appreciated.

Thanks.

--
Jim Carlock
Post replies to the group.

Navigation:

Next in forum: Reflection API doesn't provide list of Nested Functions
Prev in forum: Re: file upload limit using php form, can I use FTP somehow from form?
Thread view: XSS / Cross Site Scripting Attacks Fixed $_SERVER['PHP_SELF'] ?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация