PHP can check the header and block requests from 3rd-party domains (modern
web browsers actually do this automatically unless the site explicitly
allows cross-domain resources), but I don't have access to see our current
site and it would be my first time doing this. Furthermore, I don't think
this will help because the OP seems to be injecting <script> tags into the
page by using Unicode escaping techniques (the idea is someone could make a
custom version of our page by manipulating a long URL, or worse, post spam
on behalf of a logon section by invoking buttons unbeknownst to the
logged-in user).

I'm in a similar boat as LukasW as this will be mostly new to me but I'd
like to know the real-world severity.

Jonathan, have you dealt with this before?
_______________________________________________
LMMS-devel mailing list
LMMS-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lmms-devel