Is this PHP Smarty template statement a security flaw?
$smarty->assign("action", $_SERVER["PHP_SELF"]);
PHP_SELF is set client side by the browser so it can be modified by an attacker. Is Smarty “action” assigned to the form action field?
So can an attacker control where to POST data is …
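Added example, not part of the original question and not Smarty's own code: PHP builds `PHP_SELF` from the request path, including any extra path segments after the script name, so it must be treated as untrusted input when it is written into an HTML attribute. The sketch below assumes the template emits the value as `<form action="{$action}" method="post">`; the helper names and the sample request value are constructed for illustration.

```php
<?php
// Added example. Assumption: the template prints the assigned value
// inside <form action="..."> without any escaping of its own.

// Hypothetical helper: encode a value for use inside a quoted HTML attribute.
// In a Smarty template the equivalent is {$action|escape:'html'}.
function safe_action(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: stands in for the rendered template line.
function render_form(string $action): string
{
    return '<form action="' . $action . '" method="post">';
}

// Hypothetical check: true when the value closed the attribute and added markup.
function attribute_broken(string $html): bool
{
    return strpos($html, '"><i>') !== false;
}

// Constructed sample of $_SERVER for a request whose path carries extra
// segments after the script name; those segments end up in PHP_SELF.
$server = [
    'SCRIPT_NAME' => '/form.php',
    'PHP_SELF'    => '/form.php/"><i>injected</i>',
];

$variants = [
    // As in the question: the raw value reaches the attribute.
    'raw PHP_SELF'     => render_form($server['PHP_SELF']),
    // Mitigation 1: encode for the HTML attribute context at output time.
    'encoded PHP_SELF' => render_form(safe_action($server['PHP_SELF'])),
    // Mitigation 2: use SCRIPT_NAME, which normally omits the trailing
    // path info, and still encode it on output.
    'SCRIPT_NAME'      => render_form(safe_action($server['SCRIPT_NAME'])),
];

foreach ($variants as $label => $html) {
    $state = attribute_broken($html) ? 'attribute closed early' : 'attribute intact';
    printf("%-17s %s\n%-17s -> %s\n", $label, $html, '', $state);
}
```

Leaving the `action` attribute empty, or hard-coding the target path in the template, avoids depending on request-derived values at all.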