[Resolved] Security (JS/SQL Injection)
It seems that there isn't any sanitizing of the input fields. For example, entering a first name of <script>alert('hello')</script> is accepted. Then when I view the sign up sheets, I get a nice "hello" popup.
Adding a strip_tags and/or htmlspecialchars in function clean_array might be a simple fix to this problem.
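As an added illustration of the fix suggested above (example code, not the plugin's own), a recursive clean_array() that strips tags on intake plus htmlspecialchars escaping at the point where sign-up rows are rendered. The function names, the row fields and the submitted values are assumptions constructed for this example; the stored payload is the one from the report.

```php
<?php
// Added example, not code from the original post or the plugin.
// Demonstrates both halves of the suggested fix: strip_tags on intake
// (a backstop) and htmlspecialchars on output (the primary defence).

/**
 * Recursively strip HTML tags from every string in a submitted form array.
 * Cleaning input alone is not enough; output escaping below is what stops
 * stored markup from executing when the sign-up sheet is viewed.
 */
function clean_array(array $input): array {
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value)
            ? clean_array($value)
            : trim(strip_tags((string) $value));
    }
    return $out;
}

/** Escape a value for insertion into HTML text or a quoted attribute. */
function esc_html_text(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one sign-up row; every field is escaped here, at output time. */
function render_signup_row(array $row): string {
    return '<tr><td>' . esc_html_text($row['first_name']) . '</td>'
         . '<td>' . esc_html_text($row['email']) . '</td></tr>';
}

// Constructed form submission modelled on the report above (hypothetical fields).
$submitted = [
    'first_name' => "<script>alert('hello')</script>",
    'email'      => 'user@example.com',
];

// Path A: stored exactly as received, but escaped at output, so the browser
// shows the tags as literal text instead of running the script.
echo render_signup_row($submitted), PHP_EOL;

// Path B: cleaned on intake and still escaped at output (defence in depth).
$cleaned = clean_array($submitted);
echo render_signup_row($cleaned), PHP_EOL;
```

Escaping belongs where the value is written into HTML, so it stays correct even for rows that were saved before clean_array() was changed.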