At 8:51 PM -0400 5/19/11, Alex Nikitin wrote:
Tedd, yes you do have to worry about xss, yes with unescaped PHP_SELF you can inject code into the form here <form name="my_form" action="<?php echo($self);?>" method="post" >
Ahhh! Most excellent. I'll change that. Cheers, tedd -- ------- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
