On 10/13/2010 12:19 AM, Daevid Vincent wrote:
http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm Interesting. A co-worker and I were JUST noticing how our PHPDoc comments were being parsed pretty much verbatim including<b> tags and links and stuff and thought, "wow, that's stupid, that's just a XSS or injection waiting to happen". LOL. Guess someone's ears were burning. ;-)
Why didn't you inform Zend before you went full disclosure? It's a nasty bug though!! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php