On 10/13/2010 12:19 AM, Daevid Vincent wrote:
http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm
Interesting. A co-worker and I were JUST noticing how our PHPDoc comments
were being parsed pretty much verbatim including<b> tags and links and
stuff and thought, "wow, that's stupid, that's just a XSS or injection
waiting to happen". LOL. Guess someone's ears were burning. ;-)
Why didn't you inform Zend before you went full disclosure?
It's a nasty bug though!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
