diff options
author | Felipe Pena <felipensp@gmail.com> | 2013-06-25 18:00:33 -0300 |
---|---|---|
committer | Felipe Pena <felipensp@gmail.com> | 2013-06-25 18:00:33 -0300 |
commit | 41b73e4cee9ce68b8b78a00eddd4322b0d48dd06 (patch) | |
tree | c10e55e815e9d7688504ce772e3d310d658109b3 /ext/standard | |
parent | 5ae1983b33cc46cb21af278162b4dfdcb2ef4d29 (diff) | |
download | php-git-41b73e4cee9ce68b8b78a00eddd4322b0d48dd06.tar.gz |
- Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com
Diffstat (limited to 'ext/standard')
-rw-r--r-- | ext/standard/info.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/standard/info.c b/ext/standard/info.c index e171f72b57..6bc406fede 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { - php_info_print(key); + if (!sapi_module.phpinfo_as_text) { + php_info_print_html_esc(key, len-1); + } else { + php_info_print(key); + } zend_hash_move_forward_ex(ht, &pos); if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { php_info_print(", "); |