From: [EMAIL PROTECTED]
Operating system: linux 2.4
PHP version: 4.0 Latest CVS (13/04/2001)
PHP Bug Type: *Function Specific
Bug description: 4.05-dev : non-html escaped strings on phpinfo

The PHPinfo() outputs data without running htmlspecialchars()

For example:
http://www.ispep.cx/phpinfo.php?<script>window.location='http://www.php.net';</script>

Keep up the great work, PHP is great!

--
Edit Bug report at: http://bugs.php.net/?id=10323&edit=1
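The escaping gap reported above, shown as an added example that is not part of the original report and is not PHP's own phpinfo() source. The two `render_rows_*` functions are hypothetical stand-ins for the variables table, and the request data is constructed from the query string in the report's URL.

```php
<?php
// Added illustration; not PHP's own phpinfo() implementation.
// Simplified stand-in for the request-variables table an info page prints.

// Unescaped rendering: the behaviour the report describes.
function render_rows_raw(array $vars): string {
    $html = '';
    foreach ($vars as $name => $value) {
        $html .= "<tr><td>$name</td><td>$value</td></tr>\n";
    }
    return $html;
}

// Escaped rendering: every name and value passes through htmlspecialchars().
function render_rows_escaped(array $vars): string {
    $html = '';
    foreach ($vars as $name => $value) {
        $html .= '<tr><td>' . htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8')
               . '</td><td>' . htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8')
               . "</td></tr>\n";
    }
    return $html;
}

// Constructed request data, using the query string from the report's URL.
$query = "<script>window.location='http://www.php.net';</script>";
$vars = [
    'QUERY_STRING' => $query,
    'REQUEST_URI'  => '/phpinfo.php?' . $query,
];

$raw     = render_rows_raw($vars);
$escaped = render_rows_escaped($vars);

// Regression check: no request-derived markup may survive escaping.
foreach (['raw' => $raw, 'escaped' => $escaped] as $label => $html) {
    $live = stripos($html, '<script') !== false;
    echo $label, ': ', $live ? 'contains live <script> tag' : 'markup is inert', "\n";
}

// The escaped table shows the query string as visible text (&lt;script&gt;...).
echo $escaped;
```

The same check can be kept as a regression test for any diagnostic page that echoes request variables back to the browser.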