simboski19 Posted March 6, 2012 Share Posted March 6, 2012 Hi there, I am having some issues with a page failing security tests because of a form. The form's text input files is getting sanitized when posted but the only thing I can think is that the form action="" is $_SERVER['REQUEST_URI'] and this then includes anything that is within the URL. <form name="zipcode" id="zipcode" action="<?php echo htmlentities($_SERVER['REQUEST_URI'], ENT_QUOTES, "UTF-8"); ?>" method="post"> <label for="zip" class="smalllbl">Zipcode: </label> <input type="text" class="smallzip" name="zip" id="zip" value="" /> </form> Has anyone else experienced this when running PCI Compliance style security tests? And if you have, why would this happen as the same form action is used elsewhere with no issues. Many thanks in advance Simon Link to comment https://forums.phpfreaks.com/topic/258372-xxs-problem-with-_serverrequest_uri-in-form-action/ Share on other sites More sharing options...
scootstah Posted March 6, 2012 Share Posted March 6, 2012 If you want the form to land on the same page it was displayed on, you can simply leave the action blank. Link to comment https://forums.phpfreaks.com/topic/258372-xxs-problem-with-_serverrequest_uri-in-form-action/#findComment-1324429 Share on other sites More sharing options...
simboski19 Posted March 6, 2012 Author Share Posted March 6, 2012 Yes that is correct, it is simply posting to itself. Does this not have some validation issues however? Just a thought if it's empty thats all. I have given this a go and I will let you know how i get on. Many thanks Simon Link to comment https://forums.phpfreaks.com/topic/258372-xxs-problem-with-_serverrequest_uri-in-form-action/#findComment-1324445 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.