security bug in PHP-server-1.1
Jonathan Daugherty
cygnus at janrain.com
Tue Apr 10 16:29:19 PDT 2007
Howdy,
Thanks for taking the time to produce these patches. When I get some
time, I will definitely do a pass to be sure that output is properly
escaped. In the meantime, it would be extremely helpful if you can:
- Produce patches using the "diff" command
- Modify the templates -- not the PHP code itself -- when escaping
output. The templates are the correct place for that; the PHP code
is not.
Thanks!
--
Jonathan Daugherty
JanRain, Inc.
irc.freenode.net: cygnus in #openid
cygnus.myopenid.com