Hey,

while reading the session documentation today
(en/reference/session/reference.xml) I noticed the following:

        To continue, <A HREF="nextpage.php?<?php echo strip_tags (SID)?>">click
        here</A>

        The strip_tags() is used when printing the SID in order to prevent XSS
        related attacks.

What's the point of having the SID support < and > anyway, and can't we
just do the 'strip_tags' internally? The usage of strip_tags() in the
example is now needed, but it looks, well, kinda strange that it is
needed.

regards,
Derick

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
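
One way the filtering asked about above could be done in a single place instead of at every echo, as an added example that is not part of the original message or PHP's own code. The function names are hypothetical, and the allow-list is an assumption based on the character set of the default files save handler.

```php
<?php
// Added example, not PHP's own implementation. Function names are hypothetical.

// Build the "name=id" fragment that the SID constant normally carries, but
// refuse anything outside a conservative allow-list, so markup characters
// such as < and > can never reach the page in the first place.
function sid_fragment(string $name, string $id): string
{
    // Assumed allow-list: a-z A-Z 0-9 , - for the id (default files save
    // handler); letters, digits and underscore for the session name.
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $name)
        || !preg_match('/\A[A-Za-z0-9,-]+\z/', $id)) {
        return ''; // fail closed: the link is emitted without a session id
    }
    return rawurlencode($name) . '=' . rawurlencode($id);
}

// Render the link. The URL is also encoded for the HTML attribute context,
// so the output stays well-formed even if the allow-list is widened later.
function sid_link(string $page, string $fragment, string $label): string
{
    $url = $fragment === '' ? $page : $page . '?' . $fragment;
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample values: one well-formed id, one containing markup.
$samples = [
    ['PHPSESSID', 'k3j9f0a2b7c1d4e8'],
    ['PHPSESSID', 'abc<b>def'],
];
foreach ($samples as [$name, $id]) {
    echo sid_link('nextpage.php', sid_fragment($name, $id), 'click here'), "\n";
}
```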
