Hendrik Weimer wrote:
> Martin Schulze <[EMAIL PROTECTED]> writes:
>
> > Umh... but since the query_string is already sanitised globally
> > how can XSS still happen? Was the sanitising not successful?
>
> AFAICS the query_string is not being decoded first. Therefore, a '>'
> encoded as %3E will slip through. Version 6.5-2 contains the proper
> fix.
It does. I understand now.
Regards,
Joey
--
It's time to close the windows.
Please always Cc to me when replying to me on the lists.
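
The ordering problem discussed in this thread, as an added example that is not part of the original messages and is not the package's own code. The function names, the filtered character set and the sample query strings are assumptions constructed for illustration.

```python
from urllib.parse import unquote_plus

# Assumed set of characters the global sanitiser is meant to remove.
FORBIDDEN = set("<>\"'")


def strip_forbidden(text):
    """Drop every forbidden character from text."""
    return "".join(ch for ch in text if ch not in FORBIDDEN)


def filter_then_decode(query_string):
    """Order described in the thread: the raw query string is filtered,
    and percent-decoding only happens afterwards, so %3E is never seen
    by the filter as '>'."""
    return unquote_plus(strip_forbidden(query_string))


def decode_then_filter(query_string):
    """Corrected order: decode exactly once, then filter the decoded
    value that the application will actually use."""
    return strip_forbidden(unquote_plus(query_string))


if __name__ == "__main__":
    # Constructed sample inputs: literal, single-encoded, double-encoded.
    for qs in ("x=a>b", "x=a%3Eb", "x=a%253Eb"):
        print(f"{qs!r:14} filter-first={filter_then_decode(qs)!r:12} "
              f"decode-first={decode_then_filter(qs)!r}")
```

The double-encoded input stays as the text `%3E` after one decode, which is only safe as long as no later stage decodes the value a second time.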