Read README.input_filter in the php5 tree.

On Sun, 8 Feb 2004, Juan Alonso wrote:

> Excuse my ignorance Rasmus but how do we turn on input filtering now? (I
> will pretend I know what "input filtering" is)
> 
> On Sun, 08-02-2004 at 20:26, Rasmus Lerdorf wrote:
> > Perhaps the real answer here is to turn on input filtering by default so 
> > we defeat XSS once and for all across the board.
> > 
> > On Sun, 8 Feb 2004, Derick Rethans wrote:
> > 
> > > Hey,
> > > 
> > > while reading the session documentation today
> > > (en/reference/session/reference.xml) I noticed the following:
> > > 
> > >   To continue, <A HREF="nextpage.php?<?php echo strip_tags (SID)?>">click
> > >   here</A>
> > > 
> > >   The strip_tags() is used when printing the SID in order to prevent XSS
> > >   related attacks.
> > > 
> > > What's the point of having the SID support < and > anyway, and can't we
> > > just do the 'strip_tags' internally? The usage of strip_tags() in the
> > > example is now needed, but it looks, well, kinda strange that it is
> > > needed.
> > > 
> > > regards,
> > > Derick
> > > 
> > > -- 
> > > PHP Internals - PHP Runtime Development Mailing List
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > 
> -- 
> This message represents the official view of the voices in my head
> 
