[dev] Re: [cvs] commit: framework/Util Util.php

Chuck Hagenbuch chuck at horde.org
Tue Oct 12 09:00:02 PDT 2004


Quoting Jan Schneider <jan at horde.org>:

>>   Modified files:
>>     Util                 Util.php
>>   Log:
>>   not sure why these never got run through htmlspecialchars().
>
> Because they don't need to, at least not the session_id() that contains
> ASCII values only anyway. The session name only allows those too.

Okay. Unless it causes problems I'd like to leave this in, though, since it
could theoretically protect against random injection attacks.

-chuck

-- 
"But she goes not abroad in search of monsters to destroy." - John 
Quincy Adams

