[Phpmyadmin-devel] Re: [Phpmyadmin-cvs] CVS: phpMyAdmin/test theme.php,NONE,1.1

Michal Čihař michal at cihar.com
Tue Nov 22 12:27:05 CET 2005


Hi

On Tue 22. 11. 2005 10:16, Garvin Hicking wrote:
> Checked against XSS attacks? At least I saw Michal's commit about the
> $HTTP_HOST variable to be wrapped within htmlspecialchars() -- and
> does the 'charset' variable now get escaped for being passed to
> header()? I thought we would rather use a PMA_header() function or
> so?

AFAIK charset is set by language file. If not, we've XSS attacks also in
normal code and not only in this one...

-- 
    Michal Čihař | http://cihar.com
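
The question in this thread is whether a `charset` value can reach `header()` unescaped; validating it against a fixed list before use removes the dependency on where the value came from. This is an added example, not phpMyAdmin code and not written by either poster: the names `safe_charset()` and `content_type_header()` and the allowlist are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not part of phpMyAdmin.

// Constructed allowlist; a real application would build it from its language files.
const ALLOWED_CHARSETS = ['utf-8', 'iso-8859-1', 'iso-8859-2', 'windows-1250'];

/**
 * Return a charset name that is safe to place in a Content-Type header.
 * Anything that is not a known charset falls back to $default.
 */
function safe_charset($value, string $default = 'utf-8'): string
{
    if (!is_string($value)) {
        return $default;            // e.g. charset[]=x arrives as an array
    }
    $candidate = strtolower(trim($value));
    // Shape check: \A and \z anchor the whole string, so a trailing "\n"
    // (which "$" would accept) is rejected along with CR, quotes, '<' and ';'.
    if (!preg_match('/\A[a-z0-9][a-z0-9._:-]{0,39}\z/', $candidate)) {
        return $default;
    }
    // Membership check: only charsets the application actually ships.
    return in_array($candidate, ALLOWED_CHARSETS, true) ? $candidate : $default;
}

/** Build the header line; the caller passes the result to header(). */
function content_type_header($charset): string
{
    return 'Content-Type: text/html; charset=' . safe_charset($charset);
}

// Constructed sample inputs: one normal value and several hostile shapes.
$samples = [
    'iso-8859-2',
    'UTF-8 ',
    "utf-8\r\nSet-Cookie: sid=attacker",
    'utf-7',
    '"><script>alert(1)</script>',
    ['utf-8'],
];

foreach ($samples as $sample) {
    printf("%-45s => %s\n", json_encode($sample), content_type_header($sample));
}
```

Only the first two samples keep their requested charset (the second normalised to `utf-8`); every other input yields the default.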