Posted by Jonathan N. Little on 11/22/07 17:42
Beauregard T. Shagnasty wrote:
> BootNic wrote:
>
>> "Beauregard T. Shagnasty" wrote:
>>> <form id="frmcontact" method="post" action="<?php echo
>>> $_SERVER['PHP_SELF']?>">
>> $_SERVER['SCRIPT_NAME'] would be a better option over $_SERVER['PHP_SELF']
>
> I see they return identical results. Is there a reason you think
> SCRIPT_NAME is better? I'm willing to listen, though I've been using
> PHP_SELF for many years.
>
> http://us3.php.net/reserved.variables
>
> 'PHP_SELF'
> The filename of the currently executing script, relative to the document
> root. For instance, $_SERVER['PHP_SELF'] in a script at the address
> http://example.com/test.php/foo.bar would be /test.php/foo.bar. The
> __FILE__ constant contains the full path and filename of the current
> (i.e. included) file.
>
> 'SCRIPT_NAME'
> Contains the current script's path. This is useful for pages which need
> to point to themselves. The __FILE__ constant contains the full path and
> filename of the current (i.e. included) file.
>
http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=PHP_SELF+xss+vulnerability&spell=1
PHP_SELF xss vulnerability - Google Search
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
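
Added example, not part of the original posts: the form line quoted in the thread next to a hardened version, run against a constructed request that appends extra path info to the script URL, as in the manual's /test.php/foo.bar case. The `$server` array, its values and the function names are assumptions made for illustration; in a live script the values come from `$_SERVER`.

```php
<?php
// Constructed request (assumption): the script is /contact.php and the
// requested URL carries extra path info containing markup characters.
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PHP_SELF'    => '/contact.php/"><b>injected</b>',
];

// As quoted in the thread: PHP_SELF echoed unescaped into the action
// attribute, so the quote and angle brackets from the URL reach the page.
function form_unescaped(array $server): string
{
    return '<form id="frmcontact" method="post" action="'
        . $server['PHP_SELF'] . '">';
}

// Hardened: SCRIPT_NAME does not include the trailing path info, and the
// value is still HTML-escaped for an attribute context before output.
function form_hardened(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form id="frmcontact" method="post" action="' . $action . '">';
}

// Escaping PHP_SELF also keeps the markup inert, but the form would then
// post back to the path-info URL instead of the plain script path.
function form_escaped_php_self(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form id="frmcontact" method="post" action="' . $action . '">';
}

echo "unescaped PHP_SELF: ", form_unescaped($server), "\n";
echo "escaped SCRIPT_NAME: ", form_hardened($server), "\n";
echo "escaped PHP_SELF:    ", form_escaped_php_self($server), "\n";
```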