John D Lamb wrote:
> On Fri, 2007-04-27 at 17:26 -0400, Cristian Rodriguez R. wrote:
>> John D Lamb wrote:
>>
>>> <form method="post" action="<?php echo $SEVER['PHP_SELF']; ?>">
>>>
>>
>> Sure, and then you get a free security hole.
>
> Oops. I should have copied this instead of assuming I wouldn't make two
> errors in a single line of code.
>
Don't worry too much, this specific bug is present in a lot of applications, even in a well-known PHP security guide that is widely used as a good programming reference. See my blog post: http://blog.flyspray.org/archives/7-Amusing-security-hole-in-Shifletts-security-guide.html
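The pattern discussed in this thread, as an added example that is not part of any of the messages: `PHP_SELF` echoed into a form action unescaped, next to a hardened form. It assumes the quoted line meant `$_SERVER['PHP_SELF']`; the helper names `attr` and `form_action` and the request values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All request values are constructed.

/**
 * Escape a value for output inside a quoted HTML attribute.
 */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the action for a form that posts back to the current script.
 * SCRIPT_NAME omits the extra path data that PHP_SELF carries after the
 * script name; it is still escaped before it reaches the page.
 */
function form_action(array $server): string
{
    return attr($server['SCRIPT_NAME'] ?? '');
}

// Constructed request: the client appended extra path data after the
// script name, and PHP_SELF reflects it while SCRIPT_NAME does not.
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PHP_SELF'    => '/contact.php/"><b>injected</b>',
];

// Pattern from the quoted line: request-derived data echoed as-is, so the
// double quote ends the attribute and the rest is parsed as markup.
$unsafe = '<form method="post" action="' . $server['PHP_SELF'] . '">';

// Hardened: fixed script path, escaped for the attribute context.
$safe = '<form method="post" action="' . form_action($server) . '">';

// If PHP_SELF must be kept, escaping it keeps the value inside the attribute.
$escaped = '<form method="post" action="' . attr($server['PHP_SELF']) . '">';

echo "unsafe:  {$unsafe}\n";
echo "safe:    {$safe}\n";
echo "escaped: {$escaped}\n";
```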
