Hi
On Mon, 12 Dec 2005 00:06:00 +0100 Sebastian Mendel lists@sebastianmendel.de wrote:
but $goto is special, $goto is not always coming from $_REQUEST
we should differentiate between $goto and $_REQUEST['goto']
common.inc.php should check $_REQUEST['goto'] against a whitelist and set $goto
$_REQUEST['goto'] is one of these variables that should be globally handled by common.inc.php like $_REQUEST['server'], $_REQUEST['db'], $_REQUEST['table'], $_REQUEST['lang'], ...
Exactly ;-).
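
One way to implement the check discussed in this thread, as an added example that is not part of the original messages and not the project's own code: a single function derives `$goto` from `$_REQUEST['goto']` by strict whitelist match, so later code never reads the request value directly. The function name `resolve_goto`, the constants and the script names in the whitelist are hypothetical.

```php
<?php
// Added example: hypothetical helper, not the project's code.
// Constructed whitelist; a real one would list the application's own entry scripts.
const GOTO_WHITELIST = ['home.php', 'list.php', 'edit.php'];
const GOTO_DEFAULT   = 'home.php';

/**
 * Return a whitelisted script name for the request-supplied goto value,
 * or the default when the value is missing or not allowed.
 */
function resolve_goto(array $request): string
{
    $raw = $request['goto'] ?? null;

    // goto[]=x makes PHP deliver an array; only a non-empty string is acceptable.
    if (!is_string($raw) || $raw === '') {
        return GOTO_DEFAULT;
    }

    // Compare only the script part; any query string is dropped (a design
    // choice of this example), so the result is always a whitelist entry.
    $script = explode('?', $raw, 2)[0];

    // Strict, whole-value comparison: no basename(), no prefix or suffix
    // matching, so paths, URLs and embedded NUL bytes simply fail to match.
    if (!in_array($script, GOTO_WHITELIST, true)) {
        return GOTO_DEFAULT;
    }
    return $script;
}

// Constructed sample requests, standing in for $_REQUEST.
$samples = [
    ['goto' => 'list.php'],                 // allowed as-is
    ['goto' => 'list.php?db=test'],         // allowed, query string dropped
    ['goto' => '../../etc/passwd'],         // not in whitelist
    ['goto' => 'http://example.com/x.php'], // not in whitelist
    ['goto' => ['list.php']],               // array instead of string
    [],                                     // parameter absent
];

foreach ($samples as $request) {
    // The only place where $goto is derived from request data.
    $goto = resolve_goto($request);
    echo json_encode($request), ' => ', $goto, PHP_EOL;
}
```

Internal callers that set `$goto` themselves assign it after this point, which keeps the trusted variable separate from the untrusted request parameter.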