igorw
commented
13 years ago $_SERVER should also be escaped in most cases.
Open isaacsu opened 13 years ago
igorw
commented
13 years ago $_SERVER should also be escaped in most cases.
$_GET variables coming through need to be escaped, but it needs to be in the context of a slightly broader design discussion. (i.e. what characters are allowed for room names, usernames, etc.)