Re: Please critique my upload script.
Posted: Sun Aug 09, 2009 1:04 pm
You need an absolute path to read the file, and it still looks like someone can cause your script to echo JS
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
I tried entering <script>alert("XSS")</script> in my url as suggested via another comment but it doesn't alert the message. How can i improve the script to stop any JS code from being echoed?and it still looks like someone can cause your script to echo JS