Closed rainworm closed 13 years ago
I'm going to add a cleanInput function to cycle through input data running it through htmlspecialchars. That should help :)
I haven't checked your solution yet (I will do so soon), but avoiding special characters should do the job. :)
I found an issue in the internal mail system. It allows cross-site scripting (XSS). Do I have to point out that this one is critical and should be fixed as soon as possible?
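The thread proposes a `cleanInput` function that cycles through input data and runs it through `htmlspecialchars`. The sketch below is an added example, not the project's own code: the helper `encodeForHtml`, the field names and the sample values are assumptions constructed for illustration, and it requires PHP 8.0 or later for the `mixed` type.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: HTML-encode one string.
function encodeForHtml(string $s): string
{
    // ENT_QUOTES encodes both quote styles, which matters inside attributes.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning ''.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical cleanInput(): walk nested input and encode every string leaf.
function cleanInput(mixed $data): mixed
{
    if (is_array($data)) {
        $clean = [];
        foreach ($data as $key => $value) {
            // Array keys come from the request too, so encode string keys as well.
            $cleanKey = is_string($key) ? encodeForHtml($key) : $key;
            $clean[$cleanKey] = cleanInput($value);
        }
        return $clean;
    }
    // Non-string scalars (int, float, bool, null) pass through unchanged.
    return is_string($data) ? encodeForHtml($data) : $data;
}

// Constructed sample standing in for a submitted mail form.
$post = [
    'subject'    => '<script>alert(1)</script>',
    'body'       => 'Re: "hello" <b>world</b>',
    'recipients' => ['alice', 'bob'],
    'priority'   => 2,
];

$clean = cleanInput($post);

// Every string leaf is now inert when echoed into an HTML body or a quoted attribute.
foreach ($clean as $field => $value) {
    echo $field, ' => ', is_array($value) ? implode(', ', $value) : $value, PHP_EOL;
}
```

Encoding at input time only covers values that are later written into HTML text or quoted attribute values. Data that ends up in a JavaScript block, a URL, or is encoded a second time on output needs handling for that specific context.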