0
我看到我的腳本容易受到XSS的攻擊,我是PHP新手,所以我真的不知道應該看哪裏。這裏是所有我使用代碼:對XSS的保護
<?php
$host = $_SERVER['HTTP_HOST'];
$map = opendir(gif);
$m = 0;
while(false !=($file = readdir($map))){
if($file != "." && $file != ".."){
$gif[$m]= $file;
$m++;
}
}
$random_gif=rand(0,count($gif)-1);
?>
&
<html>
<head>
<meta http-equiv = "Content-Type" content = "text/html; charset=UTF-8">
<title><?php echo $_GET['gif']; ?> - Xanu</title>
</head>
<body><center>
<object width="650" height="650">
<embed src="gif/<?php echo $_GET['gif']; ?>" width="640" height="480"></embed>
<br><b><font face="Arial">
<font size="10"><?php echo $_GET['gif']; ?></font><br><br>
Link naar de bullshit die hier boven staat?<br>
<input type="text" size="55" name="giflink" value="http://<?php echo $host; ?
>/file.php?gif=<?php echo $_GET['gif']; ?>"><br><br>
<?php
echo '<a href="http://'.$host.'/file.php?gif='.$gif[$random_gif].'">Klik hier voor nieuwe bullshit!</a>';
?>
可能重複XSS漏洞?](http://stackoverflow.com/questions/5414962/protection-against-xss-exploits) – MeNa