Martin Schulze <[EMAIL PROTECTED]> writes:

> Umh... but since the query_string is already sanitised globally
> how can XSS still happen?  Was the sanitising not successful?

AFAICS the query_string is not being decoded first. Therefore, a '>'
encoded as %3E will slip through. Version 6.5-2 contains the proper
fix.

Hendrik

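An added illustration of the ordering bug Hendrik describes (example code written for this reply, not code from the package or the mail, using a constructed query string): escaping HTML metacharacters before percent-decoding lets an encoded `>` through, whereas decoding first and then escaping does not.

```python
from html import escape
from urllib.parse import unquote

# Constructed sample query string: the '<' and '>' of the markup are
# percent-encoded (%3C / %3E), the case described in the mail.
RAW_QUERY = "q=%3Cb%3Ehello%3C/b%3E&page=2"


def sanitise(text: str) -> str:
    """Escape HTML metacharacters so the value can be embedded in a page."""
    return escape(text, quote=True)


def render_wrong_order(query_string: str) -> str:
    """Sanitise first, decode later.

    The encoded '%3E' contains no metacharacter, so the escaper leaves it
    alone; the later decode then turns it back into a literal '>'.
    """
    return unquote(sanitise(query_string))


def render_right_order(query_string: str) -> str:
    """Decode first, then sanitise: every '<' and '>' is visible to the escaper."""
    return sanitise(unquote(query_string))


def contains_raw_markup(rendered: str) -> bool:
    """Regression check: any unescaped angle bracket in the output means the
    sanitiser was bypassed."""
    return "<" in rendered or ">" in rendered


if __name__ == "__main__":
    # Prints the markup unescaped for the wrong order, escaped for the right one.
    print("sanitise-then-decode:", render_wrong_order(RAW_QUERY))
    print("decode-then-sanitise:", render_right_order(RAW_QUERY))
```

The fix is the order of the two steps, and the check is worth keeping as a test so the order cannot regress silently.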