Issue
I recently asked a question about LAMP stack not allowing posting of <script> tag via textarea, the request is killed by the apache i guess as the $_POST, $_GET and $_REQUEST fields are all empty.
I was just wondering how does wordpress allow users to add widgets, updated template files and create pages using a textarea control that allows <script> tag.
UPDATE I've created a pastebin entry for the form here: http://pastebin.com/1Jaz9rRz
Basically it is an auto generated form, I've copy pasted from the source code.
UPDATE
I've moved the code for testing to the server here: http://www.007softwares.com/testing.php
The form is being posted to itself, i've echoed the $_REQUEST array to see what was posted. You can see when you just submit the form, fields are visible and when you type script tag the error page appears. Hope this helps.
Solution
The LAMP stack doesn't care what text is submitted via a TEXTAREA. The script/app that receives the form input may have some logic in it which kills the process if it sees a SCRIPT tag but in general you can submit whatever text you want.
Answered By - Joe Landsman
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.