On Wed, April 26, 2006 12:53 am, P. Guethlein wrote:
> if(isset($_GET['d'])){setcookie('disp',$_GET['d'],time()+(60*60*24*60));$_COOKIE['disp']=$_GET['d'];}
I suppose this isn't so terribly awful, since experienced users can
forge their Cookies as easily as GET, but as a matter of principle,
you
On 4/26/06, P. Guethlein <[EMAIL PROTECTED]> wrote:
>
> Initial index.php file:
>
> if(isset($_GET['d'])){setcookie('disp',$_GET['d'],time()+(60*60*24*60));$_COOKIE['disp']=$_GET['d'];}
> include_once('writemenus.php');
>
> if(!isset($_GET['href'])) $include = 'startpage.htm';
> else {
> $includ
Initial index.php file:
=
Hackers seem to be able to call a remote script by appending the URL
to the href= command line . ( $include )
What buttons do I need to push to stop this? Does PHP have a setting
to allow only local calls? or do I have to do it in the ind
3 matches
Mail list logo
