Description
Hello, sorry if I'm making this "generic" issue like this, but I thought this was a private website only used internally. Today I found out it's a public one, and from the code, it's doing some dynamic things like getting the form action URL from superglobals when instead you could write it manually or parse it in a safer way. Maybe I'm wrong somewhere in my claims, but you should probably check, especially the parts that are really outdated (5 years ago or more). I tried something but I wasn't actually able to "exploit" anything, but since you know this website better than me because you made it, and since you are also the actual creator of the language the website is written in, I think you'll be better able to find some vulnerabilities in some older parts of the code. Let me know, and sorry for annoying you...