<img> links in HTML messages or bboard messages are another
potential way of getting admin to unwittingly perform an action for
you. I recommend against using HTML mail.
Rich Graves had the right idea in
our previous cross site scripting thread but I think we need to
be even stricter and check that the referer for admin functions is
from the same directory on the site to offer some protection against
dangerous links in the bboards.
Concerning the article, I think it is absolutely important that we
filter every bit of data that the client has control over before we
either place it in an SQL statement or echo it back to the client.
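An added example, not code from the original post or from the bboard software it discusses, showing the two checks above in Python: a Referer check that requires the same host and the same directory as the admin page being requested, and client-supplied data bound as SQL parameters and HTML-escaped before it is echoed back. The host name, admin path, and `bboard` table are assumptions.

```python
import posixpath
import sqlite3
from html import escape
from urllib.parse import urlsplit


def _directory_of(path):
    """Directory part of a URL path, after collapsing '.' and '..' so that
    '/admin/../admin/x' cannot masquerade as a different directory."""
    path = path or "/"
    norm = posixpath.normpath(path)
    if path.endswith("/"):          # a directory index URL is its own directory
        return norm
    return posixpath.dirname(norm)


def referer_allowed(site_host, admin_path, referer):
    """Accept the request only if the Referer points at the same host and the
    same directory as the admin page. A missing or foreign Referer is rejected.
    This is defence in depth: browsers and proxies may omit the header."""
    if not referer:
        return False
    ref = urlsplit(referer)
    if ref.scheme not in ("http", "https"):
        return False
    if ref.netloc.lower() != site_host.lower():
        return False
    return _directory_of(ref.path) == _directory_of(admin_path)


def store_and_render(conn, author, body):
    """Bind client data as SQL parameters (never interpolate it into the
    statement) and HTML-escape it before echoing it back to the client."""
    conn.execute("INSERT INTO bboard (author, body) VALUES (?, ?)", (author, body))
    row = conn.execute(
        "SELECT author, body FROM bboard ORDER BY rowid DESC LIMIT 1"
    ).fetchone()
    return "<p><b>%s</b>: %s</p>" % (escape(row[0], quote=True),
                                    escape(row[1], quote=True))


def demo():
    """Constructed sample: a bboard post carrying a quote and an <img> tag.
    Both survive storage as literal text and render as harmless markup."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bboard (author TEXT, body TEXT)")
    return store_and_render(conn, "bob' OR '1'='1",
                            '<img src="/admin/some-action">')  # hypothetical path
```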