On 10/13/2010 12:19 AM, Daevid Vincent wrote:

Interesting. A co-worker and I were JUST noticing how our PHPDoc comments
were being parsed pretty much verbatim including<b>  tags and links and
stuff and thought, "wow, that's stupid, that's just a XSS or injection
waiting to happen". LOL. Guess someone's ears were burning. ;-)

Why didn't you inform Zend before you went full disclosure?

It's a nasty bug though!!

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to