XSS problems

[akrasic]

Hi,

I've stumbled upon your repo and I couldn't help to notice that there are number of XSS vulnerabilities with the application you are building.

Especially the following part, you can send a pretty XSS code to exploit the MySQL DB.

$sql="DELETE FROM `promena_rezima` WHERE `ID` = " . $_GET['ID'];
mysql_query($sql);
header("location:?s=rezimi");

Please check https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) http://stackoverflow.com/questions/9053736/sql-injection-through-mysql-query

[fgeek]

Don't mix up SQL injections and XSS vulnerabilities. The code snippet contains SQL injection, but the code probably contains both :)