Commit: 41b73e4cee9ce68b8b78a00eddd4322b0d48dd06 Author: Felipe Pena <felipe...@gmail.com> Tue, 25 Jun 2013 18:00:33 -0300 Parents: 5ae1983b33cc46cb21af278162b4dfdcb2ef4d29 Branches: PHP-5.4 PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=41b73e4cee9ce68b8b78a00eddd4322b0d48dd06 Log: - Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com Bugs: https://bugs.php.net/62964 Changed paths: M ext/standard/info.c Diff: diff --git a/ext/standard/info.c b/ext/standard/info.c index e171f72..6bc406f 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { - php_info_print(key); + if (!sapi_module.phpinfo_as_text) { + php_info_print_html_esc(key, len-1); + } else { + php_info_print(key); + } zend_hash_move_forward_ex(ht, &pos); if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { php_info_print(", "); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php