Tedd's Unsecure $_POST form

Message:

Cut &Paste The Following:
<script type="text/javascript"> alert('Danger Will Robinson!!!');</script>

Please Note: JavaScript pop-up blocking has to be turned OFF for this to work!

 

CODE FOLLOWS

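<?php
/**
 * Deliberately vulnerable demo page: reflects $_POST['message'] back into
 * the HTML response.
 *
 * Every submitted value is HTML-escaped EXCEPT one exact, harmless payload
 * (the alert() snippet printed further down the page), which is echoed raw so
 * the visitor can watch a reflected script run. The exemption exists only for
 * the demonstration; output built from request data must otherwise always be
 * escaped for the context it lands in.
 */

include('includes/header.php');

error_reporting(E_ALL);    // set error reporting to all

// File name of the running script, used as this form's own action target.
// SCRIPT_NAME does not carry trailing path info the way PHP_SELF does, and
// basename() keeps only the final path segment.
$self = basename($_SERVER['SCRIPT_NAME']);

echo('<h1>Tedd\'s Unsecure $_POST form</h1>');

// The single string that is allowed through unescaped.
$demoPayload = "<script type=\"text/javascript\"> alert('Danger Will Robinson!!!');</script>";

// Accept only a scalar string: a request sending message[]=... delivers an
// array, which htmlentities() cannot take.
$message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

// Strict comparison, so nothing but the byte-identical demo payload skips
// escaping; every other value is neutralised before it reaches the page.
if ($message !== $demoPayload) {
    $message = htmlentities($message, ENT_QUOTES);
}

// Below, $message is written into element content (the reflected sink that
// runs the demo payload) and into the <textarea>.
?> 
 
 <?php echo($message);?>
         
        <form action="<?php /* escaped for the attribute context */ echo(htmlspecialchars($self, ENT_QUOTES));?>" method="POST" >         
        <table>                       
            <tr> 
                <td class="right">
                    Message:
                </td> 
                <td class="left">
<textarea cols=80 rows=6 name="message">
<?php /* textarea content is shown as text, not run; the escaping above is what stops other input from closing the element */ echo($message);?>
</textarea>
                </td> 
            </tr> 
                                    
        </table>                             
        <p>          
            <input type="submit" name="submit" value="Submit"> 
        </p> 
        </form> 
        
        <p>
        Cut &amp;Paste The Following:<br>
        &lt;script type="text/javascript"> alert('Danger Will Robinson!!!');&lt;/script>
        </p>
        
        <form action="form-secure.php" method="POST" >                                   
            <p>          
                <input type="submit" name="submit" value="Goto Secure Form"> 
            </p> 
        </form>

    <p class="red">
        Please Note: JavaScript pop-up blocking has to be turned OFF for this to work!
    </p>
         
<?php 
    
include('includes/footer.php');    
?>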