Edit report at http://bugs.php.net/bug.php?id=52189&edit=1
ID: 52189
User updated by: staff at humaninternals dot com
Reported by: staff at humaninternals dot com
Summary: Certain errors are not sanitized against
htmlspecialchars
Status: Open
Type: Bug
-Package: Output Control
+Package: Unknown/Other Function
Operating System: Windows
-PHP Version: 5.3SVN-2010-06-26 (snap)
+PHP Version: 5.3.0
New Comment:
Wrong package.
Previous Comments:
------------------------------------------------------------------------
[2010-06-26 10:52:06] staff at humaninternals dot com
Description:
------------
I have currently tested this on PHP 5.3.0 on a Windows XP environment.
Although it is unlikely that this type of data will be from user input
but
consider the test script.
When an undefined index notice occurs the index itself is not sanitized
allowing
for XSS type attacks.
Again it is very unlikely that this should come from user input but it
is
possible.
Test script:
---------------
error_reporting(E_ALL | E_STRICT);
$a = array();
echo $a['<script>alert("A")</script>'];
Expected result:
----------------
Notice: Undefined index: <script>alert("A")</script> in ...file...
Actual result:
--------------
Notice: Undefined index: in ...file...
And a script alert popup.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=52189&edit=1
