Rasmus Lerdorf <mailto:rasmus@xxxxxxxxxxx> on Friday, May 27, 2005 11:58 AM said:

>>> You have all sorts of problems at that URL. To start with, here is
>>> a cross-site scripting hack:
>>>
>>> http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript %09
>>> src%3D%22http://3423329163/v

First of all, excellent example.

> Don't display arbitrary key names in hidden fields the way you are.

What do you mean by "arbitrary key names"?

Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
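
The pattern the quoted advice points at, as an added example that is not part of the original thread and not code from the application discussed: a form that copies every request parameter into a hidden field, next to a hardened version. It assumes the admin page re-emits parameters this way; the function names, the `page`/`sort` allowlist and the sample request are hypothetical.

```php
<?php
// Added illustration; not code from yourstore or from the thread.
// Assumption: the page copies every request parameter into a hidden
// <input> so that state survives the next form submit.

// Vulnerable pattern: both the key and the value reach the markup raw.
function hidden_fields_unsafe(array $params): string
{
    $html = '';
    foreach ($params as $key => $value) {
        $html .= '<input type="hidden" name="' . $key
               . '" value="' . $value . "\">\n";
    }
    return $html;
}

// Hardened pattern: only keys the form expects are emitted (hypothetical
// allowlist), and key and value are both escaped for an attribute context.
function hidden_fields_safe(array $params, array $allowed): string
{
    $html = '';
    foreach ($allowed as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            continue; // missing, or an array such as ?page[]=x
        }
        $html .= sprintf(
            "<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars($key, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($params[$key], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed request: one expected parameter plus a parameter whose *name*
// carries markup. The client chooses key names as freely as values; PHP
// only rewrites spaces and dots in them, not quotes or angle brackets.
$params = [
    'page'              => 'orders',
    '"><b>injected</b>' => '',
];

echo "unsafe:\n", hidden_fields_unsafe($params), "\n";
echo "safe:\n", hidden_fields_safe($params, ['page', 'sort']);
```

Run from the command line, the unsafe output shows the key closing the `name` attribute and adding its own element, while the safe output contains only the `page` field.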