Retaining thread ID when posting reply
05-20-2009, 09:55 PM
Join Date: Sep 2007
Always validate ANY sort of input. vB passes the thread number via GET data; it is still safe because you validate it. Validation would consist of you checking in the database if that user (who should also be authenticated) is indeed the owner of the post.
The rule of thumb is that if it is data from the client side, assume it's hostile.
Find More Posts by Village Idiot
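
The check described in the post above, as an added example that is not part of the original post and is not vBulletin code. The `threads` table, its columns, and the function name `validated_thread_id` are hypothetical, and the user ID is assumed to come from the authenticated session.

```php
<?php
// Added illustration: table and column names are hypothetical, not vBulletin's schema.

/**
 * Returns the thread ID if it is well-formed, exists, and is owned by $userId;
 * returns null otherwise. $rawThreadId is the untrusted value taken from $_GET.
 */
function validated_thread_id(PDO $db, $rawThreadId, int $userId): ?int
{
    // 1. Syntactic check: accept only a positive decimal integer.
    //    Arrays, empty strings and strings such as "101abc" all fail here.
    $threadId = filter_var($rawThreadId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($threadId === false) {
        return null;
    }

    // 2. Ownership check in the database, using a bound parameter.
    $stmt = $db->prepare('SELECT owner_id FROM threads WHERE thread_id = :tid');
    $stmt->execute([':tid' => $threadId]);
    $ownerId = $stmt->fetchColumn();

    // No such thread, or it belongs to someone else: reject either way.
    if ($ownerId === false || (int) $ownerId !== $userId) {
        return null;
    }
    return $threadId;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE threads (thread_id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
$db->exec('INSERT INTO threads (thread_id, owner_id) VALUES (101, 7), (102, 8)');

// Assumption: this value comes from the server-side session, never from the request.
$sessionUserId = 7;

// Constructed stand-ins for what might arrive in $_GET.
$samples = ['101', '102', '999', '101abc', '-5', '', ['101']];
foreach ($samples as $raw) {
    $ok = validated_thread_id($db, $raw, $sessionUserId);
    printf("%-10s => %s\n", json_encode($raw), $ok === null ? 'rejected' : "accepted ($ok)");
}
```

Only `'101'` is accepted: `102` exists but belongs to another user, `999` does not exist, and the remaining values fail the format check before any query runs.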