ID: 10323
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: *Function Specific
Operating system:
PHP Version: 4.0 Latest CVS (13/04/2001)
Assigned To:
Comments:

Fixed in CVS.

--Jani

Previous Comments:
---------------------------------------------------------------------------

[2001-04-13 23:10:28] [EMAIL PROTECTED]

The PHPinfo() outputs data without running htmlspecialchars()

For example:
http://www.ispep.cx/phpinfo.php?<script>window.location='http://www.php.net';</script>

Keep up the great work, PHP is great!

---------------------------------------------------------------------------

ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=10323&edit=2
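
The escaping the report asks for, as an added example (this is not PHP's own phpinfo() source and not the change committed to CVS): a phpinfo()-style table row rendered without and with htmlspecialchars(). The function names render_row_raw and render_row are hypothetical, and the sample values are constructed from the URL in the report.

```php
<?php
// Added example: a phpinfo()-style variable table, not PHP's own code.
// render_row_raw() and render_row() are hypothetical names.

function render_row_raw(string $name, string $value): string
{
    // Request-derived value placed into HTML unescaped, as the report describes.
    return "<tr><td>$name</td><td>$value</td></tr>\n";
}

function render_row(string $name, string $value): string
{
    // Encode both cells. ENT_QUOTES also encodes ' and ", so the result stays
    // safe if the value is later moved into an attribute; ENT_SUBSTITUTE
    // replaces invalid UTF-8 instead of returning an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<tr><td>' . htmlspecialchars($name, $flags, 'UTF-8')
         . '</td><td>' . htmlspecialchars($value, $flags, 'UTF-8')
         . "</td></tr>\n";
}

function has_script_tag(string $html): bool
{
    // Case-insensitive check for a literal opening <script> tag in the output.
    return stripos($html, '<script>') !== false;
}

// Constructed sample input: the query string from the report, in the form
// the page would receive it when the client sends it unencoded.
$payload = "<script>window.location='http://www.php.net';</script>";
$vars = [
    'QUERY_STRING' => $payload,
    'REQUEST_URI'  => '/phpinfo.php?' . $payload,
];

foreach ($vars as $name => $value) {
    printf(
        "%-13s unescaped row has <script>: %-3s  escaped row has <script>: %s\n",
        $name,
        has_script_tag(render_row_raw($name, $value)) ? 'yes' : 'no',
        has_script_tag(render_row($name, $value)) ? 'yes' : 'no'
    );
}

// The escaped row, as it would be sent to the browser.
echo render_row('QUERY_STRING', $vars['QUERY_STRING']);
```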