[PHP-BUG] Bug #52189 [NEW]: Certain errors are not sanitized against htmlspecialchars

Sat, 26 Jun 2010 01:52:18 -0700 

From:             
Operating system: Windows
PHP version:      5.3SVN-2010-06-26 (snap)
Package:          Output Control
Bug Type:         Bug
Bug description:Certain errors are not sanitized against htmlspecialchars

Description:
------------
I have currently tested this on PHP 5.3.0 on a Windows XP environment.

Although it is unlikely that this type of data will be from user input but


consider the test script.

When an undefined index notice occurs the index itself is not sanitized
allowing 

for XSS type attacks.

Again it is very unlikely that this should come from user input but it is 

possible.

Test script:
---------------
error_reporting(E_ALL | E_STRICT);

$a = array();

echo $a['<script>alert("A")</script>'];

Expected result:
----------------
Notice: Undefined index: <script>alert("A")</script> in ...file...

Actual result:
--------------
Notice: Undefined index: in ...file...



And a script alert popup.

-- 
Edit bug report at http://bugs.php.net/bug.php?id=52189&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=52189&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=52189&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=52189&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=52189&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=52189&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=52189&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=52189&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=52189&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=52189&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=52189&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=52189&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=52189&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=52189&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=52189&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=52189&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=52189&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=52189&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=52189&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=52189&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=52189&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=52189&r=mysqlcfg

Reply via email to