Hi!
it is not for the end user or admin
But then such a file should not be included in the release, or at least renamed to "test.php.txt" so that it can only be executed after being renamed?
i just sticked it fast together and needed to check it in this morning to have it available here
Okay, it's just a thing that needs attention being paid to, because of the ongoing XSS problems in PMA we should have as little code contributing to that situation :)
but what should be checked for XSS? variables used here should already be checked by common.lib.php
Yeah, that was what I didn't know about, since I sadly haven't found time to look at recent PMA code recently. :(
and $HTTP_HOST is not a place for XSS attacks
Why did Michal then fix this a day ago?
Regards, Garvin