Edit report at http://bugs.php.net/bug.php?id=52189&edit=1
ID: 52189
Updated by: paj...@php.net
Reported by: staff at humaninternals dot com
Summary: Certain errors are not sanitized against
htmlspecialchars
-Status: Open
+Status: Bogus
Type: Bug
Package: Unknown/Other Function
Operating System: Windows
PHP Version: 5.3.0
New Comment:
Do not set display_errors.
Previous Comments:
------------------------------------------------------------------------
[2010-06-26 12:14:20] staff at humaninternals dot com
Wrong package.
------------------------------------------------------------------------
[2010-06-26 10:52:06] staff at humaninternals dot com
Description:
------------
I have currently tested this on PHP 5.3.0 on a Windows XP environment.
Although it is unlikely that this type of data will be from user input
but
consider the test script.
When an undefined index notice occurs the index itself is not sanitized
allowing
for XSS type attacks.
Again it is very unlikely that this should come from user input but it
is
possible.
Test script:
---------------
error_reporting(E_ALL | E_STRICT);
$a = array();
echo $a['<script>alert("A")</script>'];
Expected result:
----------------
Notice: Undefined index: <script>alert("A")</script> in ...file...
Actual result:
--------------
Notice: Undefined index: in ...file...
And a script alert popup.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=52189&edit=1
