
Update example1.php

Separated the HTML from the PHP to make it more readable and fixed two XSS vulnerabilities as can be seen here: http://stackoverflow.com/q/6080022
FranciscoP
FranciscoP committed Jul 15, 2013
1 parent 91e831f commit 02e94e21713cdec09b28ae5f34810af116ad1442
Showing with 13 additions and 10 deletions.
  1. +13 −10 example1.php
@@ -17,17 +17,20 @@
//user is now loaded
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
}
- }
- echo '<h1>Login</h1>
- <p><form method="post" action="'.$_SERVER['PHP_SELF'].'" />
- username: <input type="text" name="uname" /><br /><br />
- password: <input type="password" name="pwd" /><br /><br />
- Remember me? <input type="checkbox" name="remember" value="1" /><br /><br />
- <input type="submit" value="login" />
+ } ?>
+ <h1>Login</h1>
+ <p><form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" />
+ username: <input type="text" name="uname" /><br /><br />
+ password: <input type="password" name="pwd" /><br /><br />
+ Remember me? <input type="checkbox" name="remember" value="1" /><br /><br />
+ <input type="submit" value="login" />
</form>
- </p>';
+ </p>
+ <?php
}else{
//User is loaded
- echo '<a href="'.$_SERVER['PHP_SELF'].'?logout=1">logout</a>';
+ ?>
+ <a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>'?logout=1">logout</a>
+ <?php
}
-?>
+?>
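Review bot: The logout link on the new side keeps a stray single quote from the old string concatenation: `...?>'?logout=1"` makes the href `example1.php'?logout=1`, so the request path no longer matches the script and the logout link is broken. The line should read `<a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>?logout=1">logout</a>`, and the form action added earlier in the hunk would benefit from the same `ENT_QUOTES, 'UTF-8'` arguments, since the default flags leave single quotes unescaped and the charset otherwise depends on `default_charset`. Both attributes are double-quoted, so the escaping as committed does cover them; the explicit flags only keep the call safe if either attribute is later changed to single quotes. The if/else that these lines sit in begins before the hunk.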
