OK, nice idea about that search in comments bug. I'll try to code it tonight.
Next, I found some illogical code in the bug tracker source code. For
example, there is a file (include/config.php) with mysql access but it
is not used, but there are some pages using the mysql_connect function
followed by mysql_s
Hi Josef
2009/3/27 Josef Šimánek :
> ok, but Mike Bretz wrote that it will be better to mark this bug as
> "Bogus" according to all browsers auto-form completion function.
> This patch was written very fast, without thinking. Next time I will spend
> more time to focus on security.
>
> ok, what about t
ok, but Mike Bretz wrote that it will be better to mark this bug as
"Bogus" according to all browsers auto-form completion function.
This patch was written very fast, without thinking. Next time I will spend
more time to focus on security.
ok, what about these bugs:
http://bugs.php.net/bug.php?id=4666
Greetings Josef,
Nice, you're already looking at code and proposing patches! :)
My first patch (very easy). I have one more idea about this. The text
will stay in inputbox only if not found. What do you think?
Bug is mentioned here: http://bugs.php.net/bug.php?id=40698
Seems logical, exc
Hello Josef,
before you want to commit something to the PHP bugs website, you should
recheck your code for obvious XSS bugs in it...
> + value=" ?>" size="30" />
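Review bot: the value="..." attribute on this added line prints PHP output straight into a double-quoted HTML attribute, which is the XSS this reply points at. Pass that output through htmlspecialchars() with ENT_QUOTES before echoing it, so that a double quote in the submitted search text cannot end the attribute and inject markup into the page.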
Greets,
Stefan
Hello Josef,
I think nobody will refuse you to join efforts to make everything
better... but this patch I would not use to make this specific page
"better". You managed to break the page with this patch since you do not
escape the output of the user supplied input variable. This is a simple
"
Sorry, forgot to post diff file inside message (I attached it only).
Index: php-bugs-web/include/layout.inc
--- php-bugs-web/include/layout.inc Base (1.33)
+++ php-bugs-web/include/layout.inc Locally Modified (Based On 1.33)
@@ -220,7 +220,7 @@
go to bug id or search bugs fo