Re: Re: RewriteRules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-01-13 at 13:29 -0500, Eric Butera wrote:
> On Tue, Jan 13, 2009 at 1:14 PM, Jason Pruim <japruim@xxxxxxxxxx> wrote:
> >
> > On Jan 13, 2009, at 9:46 AM, Ashley Sheridan wrote:
> >
> >> On Tue, 2009-01-13 at 09:33 -0500, tedd wrote:
> >>>
> >>> At 2:33 PM +0000 1/13/09, Ashley Sheridan wrote:
> >>>>
> >>>> On Tue, 2009-01-13 at 09:20 -0500, tedd wrote:
> >>>>>
> >>>>>  Jason:
> >>>>>
> >>>>>  In addition to what everyone else has said, try this:
> >>>>>
> >>>>>  $self = basename($_SERVER['SCRIPT_NAME'])
> >>>>>
> >>>>>  I use it for forms -- you might find it useful.
> >>>>>
> >>>>>  Cheers,
> >>>>>
> >>>>>  tedd
> >>>>>  --
> >>>>>  -------
> >>>>>  http://sperling.com  http://ancientstones.com  http://earthstones.com
> >>>>>
> >>>> No need to use it on forms, as leaving the action attribute empty means
> >>>> the form sends to itself anyway.
> >>>>
> >>>> Ash
> >>>
> >>>
> >>> Ash:
> >>>
> >>> That's what I've said for years, but (I think it was on this list,
> >>> but too lazy to look) there was a concern that some browsers may not
> >>> follow that default behavior.
> >>>
> >>> However, using what I provided will work regardless.
> >>>
> >>> Cheers,
> >>>
> >>> tedd
> >>>
> >>> --
> >>> -------
> >>> http://sperling.com  http://ancientstones.com  http://earthstones.com
> >>>
> >> I've not yet seen a browser that doesn't do this, and it's pretty old
> >> HTML really, so I don't see a reason why any new browsers wouldn't
> >> incorporate it.
> >
> > I prefer to be specific in my programming :)
> >
> > What I typically do with self submitting forms is:
> > <?PHP
> > $self = $_SERVER['PHP_SELF'];
> >
> >
> > echo <<<HTML
> >        <form method="post" action="{$self}">
> > ...
> >
> > </form>
> > HTML;
> > ?>
> >
> > But to each his (Or her) own right?
> >
> >
> > --
> > Jason Pruim
> > japruim@xxxxxxxxxx
> > 616.399.2355
> >
> >
> >
> >
> 
> You know that's asking for xss, right?
How would you go about XSS on this? As I see it, you'd need
register_globals on for that to work.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux