[wp-hackers] FW: Wordpress All versions XSS

Dino Termini dino at duechiacchiere.it
Wed May 2 20:58:17 GMT 2007

Hi all, I use a custom search form but I replaced that $_SERVER call 
with "root folder":

<form method="post" id="searchform" action="/">

Actually I don't understand why theme developers use PHP_SELF. Maybe 
for compatibility reasons? (due to .htaccess?)

> The problem (sidebar.php):
> <form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];
> ?>">
> if the WordPress template uses custom 404 pages, like:

due chiacchiere <http://feeds.feedburner.com/duechiacchiere>
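The quoted attribute construction beside two hardened forms (escaping the value, or the constant action used above), as an added example that is not from this thread or from any WordPress theme; the function names and the sample path are constructed for illustration.

```php
<?php
// Added example (not from the original post or from any WordPress theme).
// $_SERVER['PHP_SELF'] is not a constant: when a request carries extra
// path info, PHP appends it to the script name, so part of the value is
// chosen by the requester. Echoing it unescaped inside an attribute lets
// that part end the attribute early.

// Vulnerable: the raw server variable in an HTML attribute context.
function search_form_raw(string $php_self): string
{
    return '<form method="get" id="searchform" action="' . $php_self . '">';
}

// Hardened, variant 1: escape for the attribute context. ENT_QUOTES also
// encodes the double quote that delimits the attribute.
function search_form_escaped(string $php_self): string
{
    $action = htmlspecialchars($php_self, ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $action . '">';
}

// Hardened, variant 2: a constant action, as in the post above. The search
// term is sent as a form field, so the action never needs the script path.
function search_form_fixed(): string
{
    return '<form method="get" id="searchform" action="/">';
}

// Constructed sample: what PHP_SELF contains when index.php serves a
// request whose path continues after the script name.
$constructed = '/index.php/"x<y';

echo search_form_raw($constructed), "\n";
// attribute closes at the embedded quote; the rest is parsed as markup
echo search_form_escaped($constructed), "\n";
// action="/index.php/&quot;x&lt;y" : still one attribute value
echo search_form_fixed(), "\n";
```

Compare the first two lines of output in a browser's DOM inspector: only the escaped and the fixed variants produce a single form element with the intended action.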
