diff options
Diffstat (limited to 'dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch')
-rw-r--r-- | dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch b/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch new file mode 100644 index 0000000..e19c9fe --- /dev/null +++ b/dev-lang/php/files/5.0.4/php5.0.4-phpinfo_xss.patch @@ -0,0 +1,79 @@ +--- ext/standard/info.c 2004-05-02 15:23:30.000000000 +0200 ++++ ext/standard/info.c 2005-11-01 01:30:58.000000000 +0100 +@@ -18,7 +18,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: info.c,v 1.245 2004/05/02 13:23:30 helly Exp $ */ ++/* $Id: info.c,v 1.245.2.5 2005/08/16 00:25:46 iliaa Exp $ */ + + #include "php.h" + #include "php_ini.h" +@@ -135,10 +135,25 @@ + PUTS(" => "); + } + if (Z_TYPE_PP(tmp) == IS_ARRAY) { ++ zval *tmp3; ++ ++ MAKE_STD_ZVAL(tmp3); ++ + if (!sapi_module.phpinfo_as_text) { + PUTS("<pre>"); + } ++ php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC); ++ + zend_print_zval_r(*tmp, 0 TSRMLS_CC); ++ ++ php_ob_get_buffer(tmp3 TSRMLS_CC); ++ php_end_ob_buffer(0, 0 TSRMLS_CC); ++ ++ elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC); ++ PUTS(elem_esc); ++ efree(elem_esc); ++ zval_ptr_dtor(&tmp3); ++ + if (!sapi_module.phpinfo_as_text) { + PUTS("</pre>"); + } +@@ -198,7 +213,7 @@ + PHPAPI char *php_info_html_esc(char *string TSRMLS_DC) + { + int new_len; +- return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_NOQUOTES, NULL TSRMLS_CC); ++ return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC); + } + /* }}} */ + +@@ -406,7 +421,9 @@ + if (expose_php && !sapi_module.phpinfo_as_text) { + PUTS("<a href=\"http://www.php.net/\"><img border=\"0\" src=\""); + if (SG(request_info).request_uri) { +- PUTS(SG(request_info).request_uri); ++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC); ++ PUTS(elem_esc); ++ efree(elem_esc); + } + PUTS("?="); + logo_guid = php_logo_guid(); +@@ -551,7 +574,9 @@ + if (expose_php && !sapi_module.phpinfo_as_text) { + PUTS("<a href=\"http://www.zend.com/\"><img border=\"0\" src=\""); + if (SG(request_info).request_uri) { +- PUTS(SG(request_info).request_uri); ++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC); ++ PUTS(elem_esc); ++ efree(elem_esc); + } + PUTS("?="ZEND_LOGO_GUID"\" alt=\"Zend logo\" /></a>\n"); + } +@@ -570,7 +595,9 @@ + php_info_print_hr(); + PUTS("<h1><a href=\""); + if (SG(request_info).request_uri) { +- PUTS(SG(request_info).request_uri); ++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC); ++ PUTS(elem_esc); ++ efree(elem_esc); + } + PUTS("?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000\">"); + PUTS("PHP Credits"); |