[eluser]Xeoncross[/eluser]
[quote author="inparo" date="1216666706"]the URI class... will error if you have illegal characters in your url[/quote]
Perfect! Just what I needed to know.
However, I still think that this is a venerability.
[quote author="inparo" date="1216666706"]
$page is never displayed to the user, it's only written to a log file.[/quote]
What if the log is read by a PHP script that outputs the last 10 errors? What if the log is emailed to a user?
XSS attack time. :coolgrin: