OK, but Mike Bretz wrote that it will be better to mark this bug as "Bogus" according to all browsers' auto-form completion function. This patch was written very fast, without thinking. Next time I will spend more time focusing on security.
OK, what about these bugs:
http://bugs.php.net/bug.php?id=46663
http://bugs.php.net/bug.php?id=40696
Will there be any improvement to focus on these bugs?

Thank you for the fast response.

On 27 March 2009 20:04, Stefan Esser <stefan.es...@sektioneins.de> wrote:
> Hello Josef,
>
> before you want to commit something to the PHP bugs website, you should
> recheck your code for obvious XSS bugs in it...
>
>> + <input class="small" type="text" name="search_for"
>> value="<?php if(isset($_GET['search_for'])) echo $_GET['search_for'];
>> ?>" size="30" />
>
> Greets,
> Stefan

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
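
Review bot: the value attribute of the added search_for input echoes $_GET['search_for'] without escaping, so a double quote in the query string closes the attribute and the remainder is parsed as markup, which is the XSS Stefan's reply refers to. Pass the value through htmlspecialchars($_GET['search_for'], ENT_QUOTES) before echoing it into the attribute.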