jthurteau / saf

Structured Authoring Framework
GNU General Public License v3.0

verify no PHP_SELF vulnerability in Kickstart router detection #2

Open jthurteau opened 7 years ago

jthurteau commented 7 years ago

http://www.webadminblog.com/index.php/2010/02/23/a-xss-vulnerability-in-almost-every-php-form-ive-ever-written/

jthurteau commented 6 years ago

If APPLICATION_BASE_URL is autodetected, it can be an issue. https://github.com/jthurteau/saf/blob/1b8800548ce4f90340fd7c45f1e39e2d0f9e1f79/Kickstart.php#L1243
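
The concern in this issue, as an added example that is not saf's code and does not reproduce Kickstart.php: `PHP_SELF` is `SCRIPT_NAME` plus the client-supplied `PATH_INFO`, so a base URL autodetected from it can carry request-controlled markup into the page. The function names and the `$server` values below are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not part of saf.

/**
 * Autodetect the application base path without using PHP_SELF.
 * SCRIPT_NAME normally excludes PATH_INFO, but it is still validated
 * against a conservative character set before use.
 */
function detect_base_url(array $server): string
{
    $script = $server['SCRIPT_NAME'] ?? '';
    if (!preg_match('#^(/[A-Za-z0-9._~-]+)*/[A-Za-z0-9._~-]+\.php$#', $script)) {
        return '/'; // unexpected shape: fall back to a fixed, safe value
    }
    // dirname() can return a backslash on Windows; normalise to "/".
    $dir = rtrim(str_replace('\\', '/', dirname($script)), '/');
    return $dir . '/';
}

/** True when PHP_SELF carries more than the script name (PATH_INFO present). */
function php_self_has_extra_path(array $server): bool
{
    return ($server['PHP_SELF'] ?? '') !== ($server['SCRIPT_NAME'] ?? '');
}

/** Escape at the point of output, whatever the source of the value. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data: extra path segment appended after the script name.
$server = [
    'SCRIPT_NAME' => '/app/index.php',
    'PATH_INFO'   => '/"><b>x',
    'PHP_SELF'    => '/app/index.php/"><b>x',
];

// Before: PHP_SELF written into an attribute unescaped (the pattern to look for).
echo '<form action="' . $server['PHP_SELF'] . '">' . PHP_EOL;

// After: base path derived from validated SCRIPT_NAME and escaped on output.
echo '<form action="' . attr(detect_base_url($server)) . '">' . PHP_EOL;

// Audit aid: flag requests where PHP_SELF and SCRIPT_NAME differ.
var_dump(php_self_has_extra_path($server));
```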