Don Alexander Eckford's Unsecure $_POST form

Message:

Cut & Paste The Following:
<script type="text/javascript"> alert('Danger Will Robinson!!!');</script>

Please Note: JavaScript pop-up blocking has to be turned OFF for this to work!

 

CODE FOLLOWS

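<?php

// Deliberately insecure teaching page: one exact, hard-coded demo payload is
// echoed back WITHOUT escaping so the lesson can show a reflected XSS; every
// other input is escaped. form_secure.php is the escaped counterpart.

include('includes/header.php');

// Surface every notice/warning on the lesson page
error_reporting(E_ALL);

// Script name used as this form's action target. It is written into an HTML
// attribute, so it is escaped like any other output.
$self = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES, 'UTF-8');

echo '<h1>Don Alexander Eckford\'s Unsecure $_POST form</h1>';

// Read the posted message. Only accept a string: "message[]=" would arrive as
// an array and break htmlentities() below.
$message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

// The ONE payload that is left unescaped for the demonstration. Nothing else
// bypasses escaping.
$demoPayload = "<script type=\"text/javascript\"> alert('Danger Will Robinson!!!');</script>";

// Strict comparison: with != PHP applies loose string/number rules, so keep
// the bypass limited to the exact byte sequence above.
if ($message !== $demoPayload) {
    $message = htmlentities($message, ENT_QUOTES, 'UTF-8');
}
?>

    <!-- Display the submitted message only after POST; this is the injection
         sink the lesson demonstrates when $message is the demo payload -->
    <?php if ($_SERVER['REQUEST_METHOD'] === 'POST'): ?>
        <p>Message: <?= $message ?></p>
    <?php endif; ?>

    <form action="<?= $self ?>" method="POST">
        <table>
            <tr>
                <td class="right">
                    Message:
                </td>

                <td class="left">

                    <label for="message">Message</label>
                    <!-- Re-populated from the same (already processed) $message
                         so the user sees what was submitted -->
                    <textarea id="message" cols="80" rows="6" name="message">
                        <?= $message ?>
                    </textarea>

                </td>
            </tr>

        </table>
        <p>
            <input type="submit" name="submit" value="Submit">
        </p>
    </form>

    <p>
        Cut &amp;Paste The Following:<br>
        &lt;script type="text/javascript"> alert('Danger Will Robinson!!!');&lt;/script>
    </p>

    <form action="form_secure.php" method="POST">
        <p>
            <input type="submit" name="submit" value="Goto Secure Form">
        </p>
    </form>

    <p class="red">
        Please Note: JavaScript pop-up blocking has to be turned OFF for this to work!
    </p>

<?php
include('includes/footer.php');
?>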