index of 33 results...
are you even trying?
>>56952984
some things I noticed
- Instead of filtering out ' and - in every SQL parameter, use proper escaping, or even better, prepared statements
- Make uploaded files accessible only via a subdomain. Prevents possibly malicious code that might cause CSRF or steal muh cookies (due to blocked Javascript requests because of CORS)
- You are silently cutting off >150 or >30 chars in the input fields, add a maxlength parameter to the inputs
- Use some include on the language switch thing (redundant in every file)
>>56953151
also, $class on the book submission is not validated nor escaped in the SQL query in any way
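As an added example (not code from the thread or from the site under review), the following shows why the "filter out ' and - in every parameter" approach from the earlier post does not hold up, and what the prepared-statement plus validation version of the $class lookup looks like. The original PHP is not posted, so this is written in Python against an in-memory sqlite3 database; the table layout, the sample rows and the allow-list of class names are all assumptions for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the thread): one row is
# unpublished and must never be returned by the public listing.
BOOKS = [
    ("Dune", "scifi", 1),
    ("Neuromancer", "scifi", 1),
    ("Ulysses", "classic", 0),
]

# Assumed allow-list of book classes; the real site's values are unknown.
ALLOWED_CLASSES = {"scifi", "classic", "history"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT, class TEXT, published INTEGER)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", BOOKS)
    conn.commit()
    return conn


def strip_quotes_and_dashes(s):
    """The blacklist approach from the thread: delete ' and - from every parameter."""
    return s.replace("'", "").replace("-", "")


def by_class_vulnerable(conn, class_):
    # $class dropped straight into the query, as reported in the thread.
    sql = f"SELECT title FROM books WHERE published = 1 AND class = '{class_}'"
    return [r[0] for r in conn.execute(sql)]


def by_id_filtered(conn, id_str):
    # Quote stripping only matters inside a quoted string. A numeric
    # parameter never needed a quote, so the blacklist changes nothing here.
    clean = strip_quotes_and_dashes(id_str)
    sql = f"SELECT title FROM books WHERE published = 1 AND rowid = {clean}"
    return [r[0] for r in conn.execute(sql)]


def by_class_prepared(conn, class_):
    # The value is a category, not free text: allow-list it, then bind it.
    if class_ not in ALLOWED_CLASSES:
        raise ValueError("unknown class")
    sql = "SELECT title FROM books WHERE published = 1 AND class = ?"
    return [r[0] for r in conn.execute(sql, (class_,))]


def by_id_prepared(conn, id_str):
    # Type-check, then bind: the driver passes the value separately from
    # the SQL text, so it can never change the statement's structure.
    try:
        book_id = int(id_str)
    except ValueError:
        return []
    sql = "SELECT title FROM books WHERE published = 1 AND rowid = ?"
    return [r[0] for r in conn.execute(sql, (book_id,))]


if __name__ == "__main__":
    db = make_db()
    print(by_class_vulnerable(db, "' OR '1'='1"))   # leaks the unpublished row
    print(by_id_filtered(db, "3 OR 1=1"))            # leaks it despite the filter
    print(by_id_prepared(db, "3 OR 1=1"))            # []
    print(by_class_prepared(db, "scifi"))            # ['Dune', 'Neuromancer']
```

The point of the two "filtered" and "prepared" pairs: a blacklist reasons about characters, but injection is about where the parameter lands in the statement. Binding the value (and, for an enumerated field like the class, checking it against the set of values the application actually knows) removes the question entirely.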
>>56953151
very precious input. thank you.
>>56953188
THAT is the only vulnerability I could spot while checking my code. great job.