|
|||||||
| PHP Discussion and technical support for using and deploying PHP based websites. |
 |
|
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
#1
11-07-2009, 06:37 AM
|
|||
|
|||
|
Security issue hidden form field
I have designed a form class that builds and validates forms, however the validation is done like so:
If an input is nessersary (needs to be validated) a flag is set in the class call for that input. the name of that field and the type are then assigned to an array and once the form is built, a hidden input is added that has the values of the validation array in it as a seralized array. I was just looking at it though and wondered if that means it is an easy target for XSS? Could someone just post an empty array for my hidden value and circumvent the validation? If so would it be better to assign the arrays to session variables? If this doesnt make sense I can post some of my code up or try and explain myself better. cheers lukaz 
|
|
#2
11-07-2009, 08:50 AM
|
||||
|
||||
|
Quote:
Quote:
__________________
 freelancer.internet.com Email me
|
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
