"</textarea>" tag could be a problem, you might want to use htmlspecialchars in file.php
When you are editing an HTML file which contains </TEXTAREA>, the content of the file is not escaped, so, as you can easily guess, the editing textarea is closed and the HTML code after the end tag is displayed on the page (and some JavaScript can be executed too).
I am just amazed that something like that is possible; does nobody ever use TEXTAREAs?
This is definitely a job for htmlentities()!
I use it in my attributes stripper. Very simple code.
http://matthewseremet.com/apps/stripper.php
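The escaping suggested in this thread, as an added example that is not code from the project or from either poster: the file editor's textarea is rendered once without and once with `htmlspecialchars()`. The function names and the sample file content are hypothetical; only the `file.php` context and the `</TEXTAREA>` problem come from the thread.

```php
<?php
// Added example. Function names and sample content are hypothetical.

// Before: file content is written into the page as-is, so a
// "</textarea>" inside the file ends the editing field early.
function render_editor_unescaped(string $content): string
{
    return '<textarea name="content">' . $content . '</textarea>';
}

// After: the content is escaped, so the browser shows it as text
// inside the field and submits the original characters back.
function render_editor(string $content): string
{
    // ENT_QUOTES     - escape single and double quotes as well as < > &
    // ENT_SUBSTITUTE - replace invalid UTF-8 bytes with U+FFFD instead of
    //                  returning an empty string (an empty field that is
    //                  then saved would wipe the file)
    $escaped = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // The HTML parser drops one newline directly after <textarea>, so emit
    // one here; otherwise a file starting with a blank line loses it.
    return "<textarea name=\"content\">\n" . $escaped . '</textarea>';
}

// Constructed sample: an HTML file that itself contains a textarea
// (upper-case closing tag, as in the report) followed by a script.
$content = "<p>form demo</p>\n<TEXTAREA>notes</TEXTAREA>\n<script>alert(1)</script>\n";

foreach (['render_editor_unescaped', 'render_editor'] as $fn) {
    $html = $fn($content);
    // Count closing textarea tags the browser would see, case-insensitively.
    // More than one means the editing field is closed by the file content.
    $closers = preg_match_all('~</textarea~i', $html);
    printf("%-24s closing tags seen by the browser: %d\n", $fn, $closers);
}

// Escaping is lossless: decoding gives back the exact file content,
// which is what the browser submits when the form is saved.
$escaped = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
var_dump(htmlspecialchars_decode($escaped, ENT_QUOTES) === $content);
```

`htmlentities()` with the same flags and charset closes the hole equally well; it additionally converts every character that has a named entity, which is not needed when the page is served as UTF-8.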