Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread John W. Holmes
Chris Shiflett wrote:
There is a difference between "works" and "right"

Man... where have I heard that before?!? ;)

--
---John Holmes...

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Chris Shiflett
--- Jonathan Haddad <[EMAIL PROTECTED]> wrote:
> I've seen it work with a relative URL, which surprised me,
> because until I had seen that I would have agreed with you.

I assume you mean that you disagree with me. There is a difference between "works" and "right" (not that a malformed Location hea

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Justin Patrin
Most browsers work fine with relative URLs in the Location header. The spec says it has to be absolute, though, and a few browsers require it.

On Wed, 21 Jul 2004 15:11:37 -0400, Jonathan Haddad <[EMAIL PROTECTED]> wrote:
> I've seen it work with a relative URL, which surprised me, because until
>

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Jonathan Haddad
I've seen it work with a relative URL, which surprised me, because until I had seen that I would have agreed with you.

Jon

Chris Shiflett wrote:
--- Arnout Boks <[EMAIL PROTECTED]> wrote:
header('Location: ' . urlencode('loginForm.php?error=Incorrect password'));

The Location header require

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Chris Shiflett
--- Arnout Boks <[EMAIL PROTECTED]> wrote:
> But about the XSS attacks: what is an XSS attack, and is there
> a way I can let users still use some HTML tags (like and
> )?

You might find this article helpful:

http://shiflett.org/articles/foiling-cross-site-attacks

One easy way to mitigate most o

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Chris Shiflett
--- Arnout Boks <[EMAIL PROTECTED]> wrote:
> header('Location: ' . urlencode('loginForm.php?error=Incorrect
> password'));

The Location header requires an absolute URL. Also, this is the header you are sending:

Location: loginForm.php%3Ferror%3DIncorrect+password

I doubt that's the URL you meant

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Arnout Boks
Ok, thnx, problem solved.

But about the XSS attacks: what is an XSS attack, and is there a way I can let users still use some HTML tags (like and )?

TIA,
Arnout

"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Arnout Boks wrote:
> > Hi,
> >
> > I'm building a logi

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Justin Patrin
On Wed, 21 Jul 2004 19:00:06 +0200, Arnout Boks <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm building a login page that redirects the user to the login form when an
> incorrect password is entered. An error message is passed as an URL
> parameter. Something like:
>
> if(!$pwd == $correctPwd){
> h

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Matthew Sims
> Hi,
>
> I'm building a login page that redirects the user to the login form when an
> incorrect password is entered. An error message is passed as an URL
> parameter. Something like:
>
> if(!$pwd == $correctPwd){
> header('Location: ' . urlencode('loginForm.php?error=Incorrect
> password'))

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Jason Wong
On Thursday 22 July 2004 01:00, Arnout Boks wrote:
> if(!$pwd == $correctPwd){
> header('Location: ' . urlencode('loginForm.php?error=Incorrect

You only urlencode() the values of each individual parameter and NOT the whole url.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open
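
The two corrections made in this thread (an absolute URL in the Location header, and urlencode() applied only to the parameter value), shown together as an added example that is not code from any poster. BASE_URL, build_login_redirect(), redirect_with_error() and render_error() are hypothetical names, and escaping the message with htmlspecialchars() on the receiving page is an assumption of this example, added because the error text arrives in a user-controllable URL parameter.

```php
<?php
// Added example, not from the thread. All names below are hypothetical.

// Assumption: the site's base URL is a fixed configuration value. Taking it
// from configuration rather than from the request's Host header keeps the
// redirect target out of the client's control.
const BASE_URL = 'https://www.example.com/app/';

// Build the absolute redirect URL. Only the parameter VALUE is encoded;
// encoding the whole URL would turn "?" and "=" into %3F and %3D.
function build_login_redirect(string $message): string
{
    return BASE_URL . 'loginForm.php?error=' . urlencode($message);
}

// Send the redirect and stop, so no code after the failed login check runs.
function redirect_with_error(string $message): void
{
    header('Location: ' . build_login_redirect($message));
    exit;
}

// loginForm.php side: anyone can craft a link with an arbitrary "error"
// value, so the value is escaped before it is written into the page.
function render_error(array $query): string
{
    $error = $query['error'] ?? '';
    if (!is_string($error) || $error === '') {
        return ''; // missing, empty, or array-valued parameter: show nothing
    }
    return '<p class="error">'
        . htmlspecialchars($error, ENT_QUOTES, 'UTF-8')
        . '</p>';
}

// Constructed sample input: the redirect URL, then a parameter carrying markup.
echo build_login_redirect('Incorrect password'), "\n";
echo render_error(['error' => '<b>Incorrect</b> password']), "\n";
```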

Re: [PHP] Error when using HTTP Location header

2004-07-21 Thread Marek Kilimajer
Arnout Boks wrote:
Hi,

I'm building a login page that redirects the user to the login form when an incorrect password is entered. An error message is passed as an URL parameter. Something like:

if(!$pwd == $correctPwd){
header('Location: ' . urlencode('loginForm.php?error=Incorrect password'));