philip          Thu Feb  1 00:40:24 2007 UTC

  Modified files:              
    /phpdoc/en/reference/session        reference.xml 
  Log:
  Removed register_globals = on requirement from an example, and using
  htmlspecialchars() instead of strip_tags() for the XSS exploit 
  prevention example
  
  
http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/session/reference.xml?r1=1.57&r2=1.58&diff_format=u
Index: phpdoc/en/reference/session/reference.xml
diff -u phpdoc/en/reference/session/reference.xml:1.57 
phpdoc/en/reference/session/reference.xml:1.58
--- phpdoc/en/reference/session/reference.xml:1.57      Fri Jan 13 14:54:47 2006
+++ phpdoc/en/reference/session/reference.xml   Thu Feb  1 00:40:24 2007
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.57 $ -->
+<!-- $Revision: 1.58 $ -->
 <!-- Purpose: basic.session -->
 <!-- Membership: core -->
 
@@ -325,20 +325,22 @@
       <programlisting role="php">
 <![CDATA[
 <?php
-if (!session_is_registered('count')) {
-    session_register('count');
-    $count = 1;
+
+session_start();
+
+if (empty($_SESSION['count'])) {
+   $_SESSION['count'] = 1;
 } else {
-    $count++;
+   $_SESSION['count']++;
 }
 ?>
 
 <p>
-Hello visitor, you have seen this page <?php echo $count; ?> times.
+Hello visitor, you have seen this page <?php echo $_SESSION['count']; ?> times.
 </p>
 
 <p>
-To continue, <a href="nextpage.php?<?php echo strip_tags(SID); ?>">click
+To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click
 here</a>.
 </p>
 ]]>
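Review bot: On the new href line, `htmlspecialchars(SID)` with the default flags escapes `<`, `>`, `&` and `"` but not `'`, so the example is only safe because the attribute is double-quoted. Passing the quote flag, `<?php echo htmlspecialchars(SID, ENT_QUOTES); ?>`, makes the escaping independent of the attribute quoting a reader copies into. The new `$_SESSION['count']` branch bodies are indented with three spaces while the rest of the listing uses four; align them. Since the example deliberately carries the session id in a link, the accompanying prose could note that a URL-borne id is also recorded in browser history and Referer headers, so cookie-based sessions are preferable where available. The `<programlisting>` element opens inside this hunk but its closing tag lies outside it.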
@@ -346,7 +348,7 @@
      </example>
     </para>
     <para>
-     The <function>strip_tags</function> is used when printing the SID 
+     The <function>htmlspecialchars</function> may be used when printing the 
SID 
      in order to prevent XSS related attacks.
     </para>
     <para>
