Hello David,

> So what exactly does the parameter Mode do? Isn't this line showing that a
> parameter with value got passed to a script with GET? In that case, which
> input validation / processing do your scripts have?
>
> David
> _______________________________________________

Indeed, it was a GET passed directly through the browser as a URL. At first I didn't understand where it came from because the "selector" is a link not a form. When you click on the link on the index page, it does a page refresh and passes the new selection criteria so that when the page comes back it contains the thumbnails for the new request. Frankly, I didn't know the script did that until I started to analyze the badguy's submission and discovered what 'Mode' did by doing a print_r of $_REQUEST in a test.

--
Best regards,
mikesz
mailto:[EMAIL PROTECTED]

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
