
22 Nov 2005, 7:27 a.m.
Hi

On Tue 22. 11. 2005 10:16, Garvin Hicking wrote:
> Checked against XSS attacks? At least I saw Michal's commit about the $HTTP_HOST variable to be wrapped within htmlspecialchars() -- and does the 'charset' variable now get escaped for being passed to header()? I thought we would rather use a PMA_header() function or so?

AFAIK charset is set by language file. If not, we have XSS attacks also in normal code and not only in this one...

--
Michal Čihař | http://cihar.com