incrediBILL - 4:47 pm on Jul 12, 2012 (gmt 0)
Stuff like this isn't just inexcusable, it's pure incompetence.
If a large corporation like Yahoo can't have a uniform data security policy that mandates all input fields are properly tested before being accepted from the web, they get what they deserve for sloppy management.
What makes this so silly is that one simple script could prefix all pages site-wide and iterate all GET and POST variables and either filter or reject any garbage. You don't really need to code it field by field, it can be done universally for all pages with one lousy include per page.
There should be a small security team assigned to keeping this stuff updated and verifying (scanning) that it's implemented across the board.
Maybe I should go apply for the security manager's job, because if they don't have one they'll need one, and if they do have one they'll need a better one.
Things like this really irk me, I am so seriously irked right now you have no idea.
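
The site-wide check described in the post above, sketched as an added example (not code from the post or from any site it mentions): a Python WSGI wrapper that iterates every GET and POST variable in one place and rejects the request on the first sign of garbage. The names `screen` and `InputScreen`, the length cap, and the name and control-character patterns are assumptions made for this illustration.

```python
import io
import re
from urllib.parse import parse_qsl

# Limits and patterns below are assumptions for this example; tune per site.
MAX_LEN = 2048
NAME_OK = re.compile(r"[A-Za-z0-9_.\[\]-]{1,64}\Z")
CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def screen(source, raw):
    """Return (source, name, reason) for every rejected variable in raw."""
    try:
        if isinstance(raw, bytes):
            raw = raw.decode("ascii")        # urlencoded bodies are ASCII
        pairs = parse_qsl(raw, keep_blank_values=True, errors="strict")
    except UnicodeDecodeError:
        return [(source, "*", "invalid encoding")]
    problems = []
    for name, value in pairs:
        if not NAME_OK.match(name):
            problems.append((source, name, "bad name"))
        elif len(value) > MAX_LEN:
            problems.append((source, name, "too long"))
        elif CONTROL.search(value):
            problems.append((source, name, "control character"))
    return problems

class InputScreen:
    """WSGI wrapper: one place that checks every GET and POST variable."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        problems = screen("GET", environ.get("QUERY_STRING", ""))
        ctype = environ.get("CONTENT_TYPE", "")
        if ctype.startswith("application/x-www-form-urlencoded"):
            length = environ.get("CONTENT_LENGTH", "")
            size = int(length) if length.isdigit() else 0
            body = environ["wsgi.input"].read(size)
            environ["wsgi.input"] = io.BytesIO(body)   # let the app re-read it
            problems += screen("POST", body)
        if problems:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"rejected input\n"]
        return self.app(environ, start_response)
```

Values that pass this screen are only well-formed; they still need context-specific handling (bound query parameters, output encoding) at the point where they are used.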