Excuse my ignorance Rasmus but how do we turn on input filtering now? (I will pretend I know what "input filtering" is)
On Sun, 08-02-2004 at 20:26, Rasmus Lerdorf wrote:
> Perhaps the real answer here is to turn on input filtering by default so
> we defeat XSS once and for all across the board.
>
> On Sun, 8 Feb 2004, Derick Rethans wrote:
>
> > Hey,
> >
> > while reading the session documentation today
> > (en/reference/session/reference.xml) I noticed the following:
> >
> > To continue, <A HREF="nextpage.php?<?php echo strip_tags (SID)?>">click
> > here</A>
> >
> > The strip_tags() is used when printing the SID in order to prevent XSS
> > related attacks.
> >
> > What's the point of having the SID support < and > anyway and can't we
> > just do the 'strip_tags' internally. The usage of strip_tags() in the
> > example is now needed, but it looks, well, kinda strange that it is
> > needed.
> >
> > regards,
> > Derick
> >
> > --
> > PHP Internals - PHP Runtime Development Mailing List
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >

--
This message represents the official view of the voices in my head
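
An added example, not part of the thread or of the PHP documentation, comparing the documentation sample's `strip_tags()` call with allow-list validation plus attribute-context encoding of the SID value. `$sid` stands in for the `SID` constant; the helper names and the allow-list pattern are assumptions, and the inputs are constructed.

```php
<?php
// Added example, not from the thread. $sid stands in for the SID constant
// ("name=id"); the values in $samples are constructed sample inputs.

/** What the documentation sample does: strip tags, then print. */
function link_with_strip_tags(string $sid): string
{
    return '<a href="nextpage.php?' . strip_tags($sid) . '">click here</a>';
}

/**
 * Hypothetical helper: accept only "name=id" with a conservative character
 * set, then encode for the HTML attribute the value is printed into.
 */
function link_with_encoding(string $sid): string
{
    // The allow-list is an assumption for this example, not PHP's own rule.
    if (!preg_match('/\A[A-Za-z0-9_]+=[A-Za-z0-9,-]+\z/', $sid)) {
        $sid = ''; // drop anything unexpected rather than try to clean it
    }
    return '<a href="nextpage.php?'
        . htmlspecialchars($sid, ENT_QUOTES, 'UTF-8')
        . '">click here</a>';
}

$samples = [
    'PHPSESSID=0123456789abcdef',      // well-formed
    'PHPSESSID=abc<b>def',             // contains a tag
    'PHPSESSID=abc" title="injected',  // no tags, but a double quote
];

foreach ($samples as $sid) {
    echo "input:      $sid\n";
    echo "strip_tags: " . link_with_strip_tags($sid) . "\n";
    echo "encoded:    " . link_with_encoding($sid) . "\n\n";
}
```

`strip_tags()` removes markup but leaves quote characters untouched, so the third sample reaches the `href` attribute unchanged; the second helper rejects it before output.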