Thanks Jason,
I'm on it. There are quite a few. I had the brilliant idea to add a search option to several pages.
Just to be clear, even statements like:
<?php echo(isset($_GET["pageNum_WADAphones"])?"&pageNum_WADAphones=".intval($_GET["pageNum_WADAphones"]):""); ?>
Would be changed to ...
<?php echo(isset($_GET["pageNum_WADAphones"])?htmlentities("&pageNum_WADAphones=".intval($_GET["pageNum_WADAphones"])):""); ?>
And validation statements like:
<?php echo((isset($_GET["invalid"])?ValidatedField("contactus","Address_1"):"")); ?>
Would end up as ...
<?php echo((isset($_GET["invalid"])?htmlentities(ValidatedField("contactus","Address_1")):"")); ?>
And these changes should be made for pages outside of, and inside of, Security Assist? I have a little work ahead of me.
On another note, Jason, for anyone who may also use a cross-site scripting program: be careful with how you have your email links set. ZAP just sent out over 10000 emails to my client. Somehow it looped the links to the "contact us" page. If you have any tips on avoiding that happening I would appreciate it. Since the emails came from the "contact us" page, any idea how it got past the security code?
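An added example, not from the post above and not WebAssist's own code, that puts the two "before" and "after" snippets side by side and runs them from the command line against a constructed request of the kind a scanner such as ZAP would send. ValidatedField() here is a hypothetical stand-in that just returns the submitted value; the real Security Assist helper and the contact page's "security code" are not reproduced. The h() wrapper and pageNumFragment() are names introduced for this example.

```php
<?php
// Added example (not from the original forum post): reflected-XSS fix for
// values echoed from $_GET into HTML, following the pageNum_* and
// ValidatedField() patterns discussed above.
declare(strict_types=1);

// Hypothetical stand-in for the form library's ValidatedField(): returns the
// previously submitted value so a form can re-display it after a validation
// failure. This is exactly the kind of value that must be encoded on output.
function ValidatedField(string $form, string $field): string {
    return (string)($_POST[$field] ?? $_GET[$field] ?? '');
}

// Encode a value for HTML element content or a double/single-quoted attribute.
// ENT_QUOTES matters: before PHP 8.1 the default (ENT_COMPAT) leaves single
// quotes unencoded, so a value placed in value='...' could still break out.
function h(string $value): string {
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Build the &pageNum_X=N query fragment. intval() already forces a number, so
// the only character htmlentities() changes is the leading '&', which becomes
// '&amp;' (the correct form inside an href attribute).
function pageNumFragment(string $param): string {
    return isset($_GET[$param]) ? h('&' . $param . '=' . intval($_GET[$param])) : '';
}

// "Before": raw echo of the re-displayed field value into a value="" attribute.
function renderUnsafe(): string {
    $value = isset($_GET['invalid']) ? ValidatedField('contactus', 'Address_1') : '';
    return '<input name="Address_1" value="' . $value . '">';
}

// "After": same markup, value passed through h() so a double quote cannot
// close the attribute and '<' cannot start a tag.
function renderSafe(): string {
    $value = isset($_GET['invalid']) ? h(ValidatedField('contactus', 'Address_1')) : '';
    return '<input name="Address_1" value="' . $value . '">';
}

// Constructed request, standing in for a scanner probing the contact form.
$_GET = [
    'invalid'            => '1',
    'Address_1'          => '"><script>alert(1)</script>',
    'pageNum_WADAphones' => '3 OR 1=1',
];

echo 'unsafe: ', renderUnsafe(), PHP_EOL;
echo 'safe:   ', renderSafe(), PHP_EOL;
echo 'link:   <a href="phones.php?x=1', pageNumFragment('pageNum_WADAphones'), '">next</a>', PHP_EOL;
```

Run it with `php example.php`: the unsafe line shows the attribute closed and a script element injected, the safe line shows the same payload rendered as inert text, and the link line shows that intval() had already reduced the pagination value to a plain integer, so htmlentities() only touches the ampersand there. The encoding belongs at the point of output, in the HTML context the value lands in, which is why wrapping each echo rather than the stored value is the right place for it.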