Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch')
-rw-r--r--dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch79
1 files changed, 79 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch b/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch
new file mode 100644
index 0000000..e19c9fe
--- /dev/null
+++ b/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch
@@ -0,0 +1,79 @@
+--- ext/standard/info.c 2004-05-02 15:23:30.000000000 +0200
++++ ext/standard/info.c 2005-11-01 01:30:58.000000000 +0100
+@@ -18,7 +18,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: info.c,v 1.245 2004/05/02 13:23:30 helly Exp $ */
++/* $Id: info.c,v 1.245.2.5 2005/08/16 00:25:46 iliaa Exp $ */
+
+ #include "php.h"
+ #include "php_ini.h"
+@@ -135,10 +135,25 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++ zval *tmp3;
++
++ MAKE_STD_ZVAL(tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("<pre>");
+ }
++ php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
++
+ zend_print_zval_r(*tmp, 0 TSRMLS_CC);
++
++ php_ob_get_buffer(tmp3 TSRMLS_CC);
++ php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++ elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
++ PUTS(elem_esc);
++ efree(elem_esc);
++ zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("</pre>");
+ }
+@@ -198,7 +213,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+- return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_NOQUOTES, NULL TSRMLS_CC);
++ return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+@@ -406,7 +421,9 @@
+ if (expose_php && !sapi_module.phpinfo_as_text) {
+ PUTS("<a href=\"http://www.php.net/\"><img border=\"0\" src=\"");
+ if (SG(request_info).request_uri) {
+- PUTS(SG(request_info).request_uri);
++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
++ PUTS(elem_esc);
++ efree(elem_esc);
+ }
+ PUTS("?=");
+ logo_guid = php_logo_guid();
+@@ -551,7 +574,9 @@
+ if (expose_php && !sapi_module.phpinfo_as_text) {
+ PUTS("<a href=\"http://www.zend.com/\"><img border=\"0\" src=\"");
+ if (SG(request_info).request_uri) {
+- PUTS(SG(request_info).request_uri);
++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
++ PUTS(elem_esc);
++ efree(elem_esc);
+ }
+ PUTS("?="ZEND_LOGO_GUID"\" alt=\"Zend logo\" /></a>\n");
+ }
+@@ -570,7 +595,9 @@
+ php_info_print_hr();
+ PUTS("<h1><a href=\"");
+ if (SG(request_info).request_uri) {
+- PUTS(SG(request_info).request_uri);
++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
++ PUTS(elem_esc);
++ efree(elem_esc);
+ }
+ PUTS("?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000\">");
+ PUTS("PHP Credits");