|
|
Posted by Tim Van Wassenhove on 10/01/08 11:47
On 2006-05-10, John Dunlop <usenet+2004@john.dunlop.name> wrote:
> Tim Van Wassenhove:
>
>> Why would you want the value? I still have to see my first good reason
>> to use it ;) (In case you want to redirect a user to the same place
>> where he came from after a form submit, using '#' as value for the
>> action is as good and it doesn't has the potential security issues as
>> $_SERVER['PHP_SELF'] has...)
>
> I remember a similar discussion a while ago, and I went away thinking
> there was something wrong with my PHP. I still don't know what
> PHP_SELF is meant to be.
[snip bug reports]
Here is an example of possible abuse of forms that use
$_SERVER['PHP_SELF']: http://blog.phpdoc.info/archives/13-XSS-Woes.html
--
Met vriendelijke groeten,
Tim Van Wassenhove <http://timvw.madoka.be>
Navigation:
[Reply to this message]
|