- Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com

author: Felipe Pena <felipensp@gmail.com> 2013-06-25 18:00:33 -0300
committer: Felipe Pena <felipensp@gmail.com> 2013-06-25 18:00:33 -0300
commit: 41b73e4cee9ce68b8b78a00eddd4322b0d48dd06 (patch)
tree: c10e55e815e9d7688504ce772e3d310d658109b3 /ext/standard/info.c
parent: 5ae1983b33cc46cb21af278162b4dfdcb2ef4d29 (diff)
download: php-git-41b73e4cee9ce68b8b78a00eddd4322b0d48dd06.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/standard/info.c b/ext/standard/info.c
index e171f72b57..6bc406fede 100644
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC
 			zend_hash_internal_pointer_reset_ex(ht, &pos);
 			while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING)
 			{
-				php_info_print(key);
+				if (!sapi_module.phpinfo_as_text) {
+					php_info_print_html_esc(key, len-1);
+				} else {
+					php_info_print(key);
+				}
 				zend_hash_move_forward_ex(ht, &pos);
 				if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) {
 					php_info_print(", ");
author	Felipe Pena <felipensp@gmail.com>	2013-06-25 18:00:33 -0300
committer	Felipe Pena <felipensp@gmail.com>	2013-06-25 18:00:33 -0300
commit	41b73e4cee9ce68b8b78a00eddd4322b0d48dd06 (patch)
tree	c10e55e815e9d7688504ce772e3d310d658109b3 /ext/standard/info.c
parent	5ae1983b33cc46cb21af278162b4dfdcb2ef4d29 (diff)
download	php-git-41b73e4cee9ce68b8b78a00eddd4322b0d48dd06.tar.gz