Quote:
|
Originally Posted by swedguy
Because they are allowing a sponsor to be able to add form variable that will override the cookie that holds the info WHO sent the surfer. So the problem is their way of handling form+cookies that are sent.
|
Right, and my example of changing the link to the join page to set a new cookie and new PA link in the form are just as dangerous. I can't believe you are wasting so much time on this.
If you can't trust the sponsor don't use them, it still isn't a CCBill issue.