Quote:
Originally Posted by zaartix
<input type='hidden' name='path' value='Dep2/%'>
this is a dangerous string. What if a "hacker" adds code into this string:
<input type='hidden' name='path' value='Dep2/%"; drop table ha-ha; "'> or something else
I would expect the PhpDig code to contain an AddSlashes to avoid such a problem.
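As an added illustration (not PhpDig's own code, and not from either poster), the sketch below shows the two defensive layers a reviewer would look for around the hidden `path` field: an allowlist check that accepts only the shape of value the application itself emits (for example `Dep2/%`, a directory name followed by an optional `LIKE` wildcard), and a prepared statement so the value is bound as data rather than spliced into SQL. Escaping with `addslashes()` can stop the quoted-string break shown in the post, but it does not guard the raw `LIKE` pattern or other contexts; parameter binding does. The `$pdo` connection, the `pages` table and its column names are assumed placeholders.

```php
<?php
// Added example (not PhpDig's code): validate the hidden "path" parameter
// and pass it to the database with a prepared statement instead of
// relying on addslashes() alone.

// Accept only the path shapes the application generates itself:
// directory segments of [A-Za-z0-9_-], optionally ending in "/" and "%".
function isValidPath(string $path): bool
{
    return (bool) preg_match('#^[A-Za-z0-9_\-]+(/[A-Za-z0-9_\-]*)*/?%?$#', $path);
}

// Constructed sample inputs: the legitimate value and the injection
// attempt quoted in the post above.
$samples = [
    'Dep2/%',
    'Dep2/%"; drop table ha-ha; "',
];
foreach ($samples as $s) {
    printf("%-32s -> %s\n", $s, isValidPath($s) ? 'accepted' : 'rejected');
}

// Hypothetical lookup: the validated value is bound as a parameter, so the
// database never interprets it as SQL text. $pdo is assumed to be an
// existing PDO connection; table and column names are placeholders.
function findPagesByPath(PDO $pdo, string $path): array
{
    if (!isValidPath($path)) {
        throw new InvalidArgumentException('invalid path parameter');
    }
    $stmt = $pdo->prepare('SELECT page_id, file FROM pages WHERE path LIKE :path');
    $stmt->execute([':path' => $path]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

Run as a plain script, the loop reports `Dep2/%` as accepted and the quoted injection string as rejected; `findPagesByPath()` is only invoked once a real PDO connection is available.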