22 Nov
2005
22 Nov
'05
1:27 p.m.
Hi
On Tue 22. 11. 2005 10:16, Garvin Hicking wrote:
Checked against XSS attacks? At least I saw Michals commit about the $HTTP_HOST variable to be wrapped within htmlspecialchars() -- and does the 'charset' variable now get escaped for being passed to header()? I thought we would rather use a PMA_header() function or so?
AFAIK charset is set by language file. If not we've XSS attacks also in normal code and not only in this one...
--
Michal Čihař | http://cihar.com