[wp-hackers] FW: Wordpress All versions XSS
Dino Termini
dino at duechiacchiere.it
Wed May 2 20:58:17 GMT 2007
Hi all, I use a custom search form but I replaced that $_SERVER call
with "root folder":
<form method="post" id="searchform" action="/">
Actually I don't understand why theme developers use PHP_SELF. Maybe
for compatibility reasons? (due to .htaccess?)
Cheers,
camu
> The problem (sidebar.php):
>
> <form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];
> ?>">
>
> If a WordPress template uses custom 404 pages, like:
>
--
due chiacchiere <http://feeds.feedburner.com/duechiacchiere>
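
The form discussed in this message, as an added example that is not part of the original post or of any WordPress theme: $_SERVER['PHP_SELF'] is derived from the requested URL, so echoing it raw into the action attribute puts request-controlled text into the page. The function names and the sample value are assumptions made up for the illustration.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// The sidebar.php pattern quoted above: PHP_SELF goes into the attribute raw.
function search_form_unescaped(array $server): string
{
    return '<form method="get" id="searchform" action="' . $server['PHP_SELF'] . '">';
}

// The approach from the reply: a constant action, no request data at all.
function search_form_constant_action(): string
{
    return '<form method="get" id="searchform" action="/">';
}

// Alternative when the current path is really needed: escape the value for
// an HTML attribute context before output.
function search_form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $action . '">';
}

// True when the output is still exactly one tag, i.e. nothing in the action
// value closed the attribute and started new markup.
function is_single_tag(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// Constructed sample value: harmless markup standing in for request-derived
// text that contains a double quote and angle brackets.
$server = ['PHP_SELF' => '/index.php/"><b>constructed</b>'];

$variants = [
    'unescaped PHP_SELF' => search_form_unescaped($server),
    'constant action'    => search_form_constant_action(),
    'escaped PHP_SELF'   => search_form_escaped($server),
];

foreach ($variants as $label => $html) {
    $ok = is_single_tag($html) ? 'yes' : 'no';
    printf("%-20s single tag: %-3s  %s\n", $label, $ok, $html);
}
```

Only the unescaped variant reports "no": the double quote in the sample value ends the action attribute and the rest is parsed as markup.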