#11 print_r false positives

open-accepted
nobody
None
2
2014-08-14
2012-03-20
No

print_r($_GET[$something], true) is not a (direct) XSS vulnerability due to the second parameter.

Discussion

  • Johannes Dahse

    Johannes Dahse - 2012-03-20

    Thank you for reporting this, Christopher. You are right.

     
  • Johannes Dahse

    Johannes Dahse - 2012-03-20
    • priority: 5 --> 2
    • status: open --> open-accepted
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks