[pLog-svn] r7107 - plog/branches/lifetype-1.2/class/net
Jon Daley
plogworld at jon.limedaley.com
Thu Jan 13 17:14:51 EST 2011
The akismet and mobile plugins have a potential for an XSS-type issue due
to their usage of $_SERVER["user_agent"], but I don't think they are
saving it to the database, or showing it to the user, so I think we are
okay there.

On Thu, 13 Jan 2011, Jon Daley wrote:
> I've searched through the core code, and there aren't any other SERVER
> variables to worry about, unless you can mess with REMOTE_ADDR or HTTP_HOST,
> and then some more work is probably needed to check them.
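An added example, not part of the original message or of LifeType's code: a small Python pass over PHP source that lists each `$_SERVER` read and flags request-derived values written to the page on the same line without HTML escaping. The sample PHP, the function names and the same-line heuristic are assumptions made for this illustration.

```python
import re

# $_SERVER keys PHP fills from the request URL; every HTTP_* key is a copy
# of a request header, so in both cases the client chooses the value.
CLIENT_URL_KEYS = {"REQUEST_URI", "QUERY_STRING", "PHP_SELF", "PATH_INFO"}
# PHP functions that HTML-encode their argument.
ESCAPERS = ("htmlspecialchars(", "htmlentities(")
SERVER_READ = re.compile(r"""\$_SERVER\[\s*(['"])([A-Za-z_]+)\1\s*\]""")
# Statements that write into the page (coarse, same-line heuristic).
SINK = re.compile(r"\b(echo|print|printf)\b")

def client_controlled(key):
    return key.startswith("HTTP_") or key in CLIENT_URL_KEYS

def audit(php_source):
    """Return (line_no, key, verdict) for each $_SERVER read in the source."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        for m in SERVER_READ.finditer(line):
            key = m.group(2)
            if not client_controlled(key):
                verdict = "not header- or URL-derived"
            elif not SINK.search(line):
                verdict = "client value, trace where it goes"
            elif any(e in line for e in ESCAPERS):
                verdict = "escaped at output"
            else:
                verdict = "REVIEW: client value written unescaped"
            findings.append((no, key, verdict))
    return findings

# Constructed sample input, not LifeType code.
SAMPLE = '''<?php
$ua = $_SERVER["HTTP_USER_AGENT"];
echo "Browser: " . $_SERVER["HTTP_USER_AGENT"];
echo htmlspecialchars($_SERVER["HTTP_USER_AGENT"], ENT_QUOTES, "UTF-8");
$ip = $_SERVER['REMOTE_ADDR'];
echo "Host: " . $_SERVER["HTTP_HOST"];
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s -> %s" % finding)
```

A value marked "trace where it goes" still needs following by hand: assigning it to a variable and printing or storing it later is outside what a same-line check can see.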