Hi:
I've been using a PHP style switcher allowing users to change CSS.
The code follows:
Within the head tags.
<link rel="stylesheet" type="text/css" media="screen" href="<?php echo (!$thestyle)?'style1':$thestyle ?>.css" >
Within the body tags, allowing the user to select which style they want:
<a href="switch.php?set=style2">Green</a> or <a href="switch.php?set=style1">Red</a>
And the corresponding (switch.php) PHP code is:
<?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header("Location: $HTTP_REFERER");
?>
It's pretty simple. But recently, I had one person hammer me stating
it was a security problem because I didn't validate the user input.
As such, he says that someone could inject arbitrary code and
cause problems.
1. Is he right?
2. How does that work?
3. If so, what do I do to correct this?
Many thanks for any replies.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
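
An added example, not part of the original post: in the code above, `$set` and `$HTTP_REFERER` come from the client and reach the cookie, the `Location` header and the `href` attribute unchecked. One way to close that is to accept only known style names and to reduce the Referer to a local path. The function names, the `SITE_HOST` placeholder and the fallback to `/` are assumptions.

```php
<?php
// Added example, not the poster's code. The allowlist holds the two style
// names from the post; SITE_HOST is a placeholder for the site's own host.
const ALLOWED_STYLES = ['style1', 'style2'];
const DEFAULT_STYLE  = 'style1';
const SITE_HOST      = 'www.example.com';

// Return $candidate only if it is exactly one of the known style names.
function resolve_style($candidate): string
{
    return (is_string($candidate) && in_array($candidate, ALLOWED_STYLES, true))
        ? $candidate
        : DEFAULT_STYLE;
}

// Reduce the client-supplied Referer to a local path on this site, or '/'.
function safe_return_path($referer): string
{
    $parts = is_string($referer) ? parse_url($referer) : false;
    if (!is_array($parts) || ($parts['host'] ?? '') !== SITE_HOST) {
        return '/';
    }
    $path = $parts['path'] ?? '/';
    // One leading slash and plain path characters only: no CR/LF, no
    // backslashes, no "//host" that a browser would treat as another site.
    return preg_match('#^/(?!/)[A-Za-z0-9/_.\-]*$#D', $path) ? $path : '/';
}

// switch.php: read the parameter explicitly instead of via register_globals.
function handle_switch(): void
{
    $style = resolve_style($_GET['set'] ?? null);
    setcookie('thestyle', $style, time() + 31536000, '/');
    header('Location: ' . safe_return_path($_SERVER['HTTP_REFERER'] ?? null));
    exit;
}

// Page template: re-validate the cookie, then escape for the attribute.
function stylesheet_href(): string
{
    $style = resolve_style($_COOKIE['thestyle'] ?? null);
    return htmlspecialchars($style . '.css', ENT_QUOTES, 'UTF-8');
}
```

switch.php then consists of a call to `handle_switch()`, and the `href` in the head becomes `<?php echo stylesheet_href() ?>`. The cookie is validated again on output because the browser can send any value for it, not only one that switch.php set.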