Open isaacsu opened 13 years ago
$_GET variables coming through need to be escaped, but it needs to be in the context of a slightly broader design discussion. (i.e. what characters are allowed for room names, usernames, etc.)
$_SERVER should also be escaped in most cases.
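An added example, not taken from the issue or the project's code, of the two layers discussed above: validating room names and usernames against an allowlist on input, and escaping `$_GET`/`$_SERVER` values at output. The character policy (`NAME_PATTERN`), the helper names `valid_name` and `h`, the parameter names `room` and `user`, and the assumption that values end up in HTML are all hypothetical, since the issue leaves those design decisions open.

```php
<?php
declare(strict_types=1);

// Assumed policy (the issue leaves the allowed characters undecided):
// 1-32 characters from letters, digits, underscore and hyphen.
const NAME_PATTERN = '/\A[A-Za-z0-9_-]{1,32}\z/';

/** Return the value if it is a string matching the assumed policy, else null. */
function valid_name($raw): ?string
{
    // A query such as ?room[]=x arrives as an array, so check the type first.
    if (!is_string($raw) || preg_match(NAME_PATTERN, $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Escape a value for HTML text or a quoted HTML attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_GET and $_SERVER.
$get = ['room' => 'lobby-1', 'user' => '<b>eve</b>'];
$server = ['HTTP_USER_AGENT' => 'Test/1.0 "><i>x</i>'];

$room = valid_name($get['room'] ?? null);
$user = valid_name($get['user'] ?? null);

// Validated names are still escaped at output, so a later change to the
// pattern cannot silently reintroduce markup into the page.
echo 'room: ', $room === null ? 'rejected' : h($room), "\n";
echo 'user: ', $user === null ? 'rejected' : h($user), "\n";

// Client-controlled $_SERVER entries have no fixed format to validate
// against, so they are escaped for the output context instead.
echo 'agent: ', h($server['HTTP_USER_AGENT'] ?? ''), "\n";
```

`htmlspecialchars` only covers the HTML context; values placed into SQL, URLs or shell commands need the escaping or parameter binding specific to that context.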