rasmus Sun May 8 13:09:25 2005 EDT
Modified files: (Branch: PHP_4_3)
/php-src/ext/standard info.c
Log:
Let's not XSS ourself at least
http://cvs.php.net/diff.php/php-src/ext/standard/info.c?r1=1.218.2.16&r2=1.218.2.17&ty=u
Index: php-src/ext/standard/info.c
diff -u php-src/ext/standard/info.c:1.218.2.16
php-src/ext/standard/info.c:1.218.2.17
--- php-src/ext/standard/info.c:1.218.2.16 Wed Jun 9 11:10:19 2004
+++ php-src/ext/standard/info.c Sun May 8 13:09:24 2005
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: info.c,v 1.218.2.16 2004/06/09 15:10:19 iliaa Exp $ */
+/* $Id: info.c,v 1.218.2.17 2005/05/08 17:09:24 rasmus Exp $ */
#include "php.h"
#include "php_ini.h"
@@ -593,7 +593,9 @@
php_info_print_table_start();
php_info_print_table_header(2, "Variable", "Value");
if (zend_hash_find(&EG(symbol_table), "PHP_SELF",
sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
- php_info_print_table_row(2, "PHP_SELF",
Z_STRVAL_PP(data));
+ char *elem_esc = php_info_html_esc(Z_STRVAL_PP(data)
TSRMLS_CC);
+ php_info_print_table_row(2, "PHP_SELF", elem_esc);
+ efree(elem_esc);
}
if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE",
sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
php_info_print_table_row(2, "PHP_AUTH_TYPE",
Z_STRVAL_PP(data));
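Review bot: The `PHP_AUTH_TYPE` row directly below the fix still passes `Z_STRVAL_PP(data)` to `php_info_print_table_row()` unescaped, so only `PHP_SELF` is covered. Any further rows in this table that print request-derived globals (they fall outside the hunk) would have the same gap. Either repeat the pattern there, `char *elem_esc = php_info_html_esc(Z_STRVAL_PP(data) TSRMLS_CC);` then `php_info_print_table_row(2, "PHP_AUTH_TYPE", elem_esc); efree(elem_esc);`, or move the escaping into the row printer so that no caller can forget it. Since the value comes from the global symbol table, which scripts can overwrite, it may also be worth guarding with `Z_TYPE_PP(data) == IS_STRING` before reading it as a string. The enclosing function starts and ends outside this hunk, so this is based on the visible lines only.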