From: Jim W. <spi...@us...> - 2004-09-03 13:29:34
Matthew McNaney said:
> > we can lock out all html tags from normal users leaving them just
> > with BBCode? That would solve a great many of these types of security
> > issues.
>
> Quick note: the hack works with BBCode as well
> [img]index.php?module=users&doevil=1[/img]
>

Hmmmm...it just occurred to me that we could parse and remove "module="
(like an obscene word).

Best,
Jim
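
An allowlist alternative to removing the string "module=", given as an added example that is not part of the original message or of the project's code: each [img] URL is parsed and rendered only if it is an absolute http(s) URL to a static image file with no query string. The function names, the extension list and the second sample post are assumptions made for illustration.

```php
<?php
// Added example, not project code. Names and the second sample are constructed.

const ALLOWED_IMG_EXT = ['png', 'gif', 'jpg', 'jpeg'];   // assumed allowlist

/** True only for an absolute http(s) URL, without query or fragment, whose path ends in an allowed extension. */
function is_safe_img_url(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;   // relative URLs such as index.php?... have no scheme or host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (isset($parts['query']) || isset($parts['fragment'])) {
        return false;   // a static image needs no parameters, whatever their names
    }
    $ext = strtolower(pathinfo($parts['path'], PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_IMG_EXT, true);
}

/** Turn each single-line [img]...[/img] into an <img> tag, or drop it when the URL fails the check. */
function render_img_tags(string $post): string
{
    return preg_replace_callback(
        '~\[img\](.*?)\[/img\]~i',
        function (array $m): string {
            $url = trim($m[1]);
            if (!is_safe_img_url($url)) {
                return '[image removed]';
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $post
    );
}

$samples = [
    'Look: [img]index.php?module=users&doevil=1[/img]',       // URL from the message above
    'Logo: [img]http://example.org/images/logo.png[/img]',     // constructed
];
foreach ($samples as $s) {
    echo render_img_tags($s), PHP_EOL;
}
```

The check constrains only what a post can embed; it does not change how index.php handles the GET requests it receives.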