authorDries Buytaert <dries@buytaert.net>2003-06-06 21:37:11 +0000
committerDries Buytaert <dries@buytaert.net>2003-06-06 21:37:11 +0000
commitaa38097c07def6d31481dfeeb2bcba520d323b2d (patch)
treed3c3d07dbd2886af2d38b1a4d175be32b4d0219c /scripts
parent47ba929ce28e5bbc1d1aa3961da8bb08a8cb11f3 (diff)
downloadbrdo-aa38097c07def6d31481dfeeb2bcba520d323b2d.tar.gz
brdo-aa38097c07def6d31481dfeeb2bcba520d323b2d.tar.bz2
- Dropped check_input(); use check_query() instead.
- Made the statistics module use referer_uri() for security's sake.
Diffstat (limited to 'scripts')
-rw-r--r--scripts/code-style.pl10
1 files changed, 10 insertions, 0 deletions
diff --git a/scripts/code-style.pl b/scripts/code-style.pl
index cc1f159e7..f7d773e54 100644
--- a/scripts/code-style.pl
+++ b/scripts/code-style.pl
@@ -69,6 +69,16 @@ while (<>) {
elsif (/<br>/i) {
$msg = "'<br>' -> '<br />'";
}
+ elsif (/HTTP_REFERER/i) {
+ $msg = "the use of HTTP_REFERER is prone to XSS exploits; use referer_uri() instead";
+ }
+ elsif (/QUERY_STRING/i) {
+ $msg = "the use of HTTP_REFERER is prone to XSS exploits; use referer_uri() instead";
+ }
+ elsif (/REQUEST_URI/i) {
+ $msg = "the use of HTTP_REFERER is prone to XSS exploits and does not work on IIS; use request_uri() instead";
+ }
+
# XHTML compatibility mode suggests a blank before /
# i.e. <br />
elsif (/<[a-z][^>]*[^ >]\/>/i) {
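Review bot: The messages assigned for the QUERY_STRING and REQUEST_URI branches both still say "the use of HTTP_REFERER", so the checker reports the wrong variable when either of those two patterns matches; only the first branch's text is correct. The QUERY_STRING line should read something like `$msg = "the use of QUERY_STRING is prone to XSS exploits; use the sanitising request helper instead";` (the hunk does not say which helper is intended for the query string, so name it explicitly rather than copying referer_uri() from the branch above), and the REQUEST_URI line should read `$msg = "the use of REQUEST_URI is prone to XSS exploits and does not work on IIS; use request_uri() instead";`. Since all three patterns match case-insensitively on any line, a short comment such as `# Flag direct reads of raw server variables; the wrapper functions sanitise them` above the first new elsif would explain why the checker cares. The enclosing `while (<>) {` loop starts before the hunk.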