XSS Hole in PHP_SELF

It was brought to my attention recently by a reader of the blog that there was a vulnerability in one of my posts (The email sending script). I dismissed it becuase PHP_SELF is a server variable but then he confirmed with a proof of concept.

I think you as programmers should have a look at this. It escaped me and before coming into webdesign i was in security so I should have come across it!

http://blog.pryde-design.co.uk/2008/...e-in-php_self/

Andrew

Disclaimer: I am posting this as a contribution to the forum I would like to think that is a good one so please don't remove it just becuase its posted on my blog I have spoken to jackfranklin about my methods already.

Hi Andrew,

The way you have posted this is fine. Thank you.

And good post as well - I read it earlier

__________________
Jack Franklin - Webforumz Moderator
(x)HTML | CSS | PHP | MySQL | JQuery (Javascript)
Contact: My Blog | Twitter | Delicious
Want Lessons? PM me.
If you think I've helped, please press the 'Thanks' Button.

Thankyou for both the endorsement of the post here and the post on the blog it means allot to have your support in this especially as we have disagreed in the past.