Hi,
I am working on a complete fix of the problem that $feedback presents (no
filtering of typical HTML/script characters).
Because I am trying it in a personal installation of Savane there is no
problem with making mistakes :)
This is an example of the code I am writing:
<?php
// Only touch $feedback when it carries something.
if ($feedback)
{
    // Replace every "<" with " -" so that no HTML tag can be opened.
    // (ereg_replace() treats its first argument as a POSIX regex; "<" is literal.)
    $feedback = ereg_replace( "<", " -", $feedback );
}
If somebody wants to inject HTML code into $feedback it will replace the <
with a -, so the code injection will not be possible.
Other possibility: allow/disallow values of $feedback depending on their
presence in an "allowed values" file.
If a user puts a non-allowed value of $feedback it will return null
content (no $feedback return).
This requires more coding but is really nice.
Best regards.
--------------------------------------
Lorenzo Hernandez Garcia-Hierro
<-><->-<-><-><-><-><-><-><-><->
PGP: Keyfingerprint:
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
http://www.tuxedo-es.org
______________________________________
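The two ideas in the mail side by side, as an added example that is neither Savane's code nor the author's: the "<" replacement, plain HTML escaping of the value at output time, and an allow-list lookup. Function names, the allow-list contents and the sample inputs are assumptions made for this demo.

```php
<?php
// Added example (not Savane's code nor the author's): compares the
// proposed "<" replacement with HTML-escaping and with an allow-list.
// Function names and the sample values are assumptions for this demo.

// 1. The author's proposal: neutralise "<" so no tag can open.
//    ereg_replace() was removed in PHP 7; str_replace() does the same here.
function feedback_strip_lt(string $feedback): string
{
    return str_replace('<', ' -', $feedback);
}

// 2. Output encoding: escape every HTML-significant character, including
//    quotes, so the value is safe in element body AND in a quoted attribute.
function feedback_escape(string $feedback): string
{
    return htmlspecialchars($feedback, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// 3. The allow-list idea: only known message keys are rendered; anything
//    else yields an empty string (the "null content" from the mail).
//    Constructed list; a real deployment would load it from a file.
$allowed_feedback = array(
    'saved'   => 'Your changes have been saved.',
    'deleted' => 'The item has been deleted.',
);
function feedback_allowlist(string $key, array $allowed): string
{
    return isset($allowed[$key]) ? $allowed[$key] : '';
}

// Constructed inputs. The second contains no "<" at all, so the
// replacement leaves it unchanged, yet the quote would still end an
// attribute value such as value="..." when the text is printed there.
$inputs = array(
    'Thanks! <b>bold</b> & done',
    'a" class="b',
);
foreach ($inputs as $in) {
    printf("raw:     %s\n", $in);
    printf("strip <: %s\n", feedback_strip_lt($in));
    printf("escaped: %s\n\n", feedback_escape($in));
}
echo feedback_allowlist('saved', $allowed_feedback), "\n";  // known key
var_dump(feedback_allowlist('<b>x</b>', $allowed_feedback)); // unknown key
```

Whether the escaped form or the allow-list is appropriate depends on whether $feedback carries free text or only a fixed set of messages; in the first case the escaping must happen where the value is echoed, in the second the lookup replaces echoing the raw parameter altogether.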