]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49b5d46)
Let's not XSS ourself at least
authorRasmus Lerdorf <rasmus@php.net>
Sun, 8 May 2005 17:09:24 +0000 (17:09 +0000)
committerRasmus Lerdorf <rasmus@php.net>
Sun, 8 May 2005 17:09:24 +0000 (17:09 +0000)
ext/standard/info.c patch | blob | history

diff --git a/ext/standard/info.c b/ext/standard/info.c
index d1664aff2bc4013342db89cbe0e5b146262fc2d0..23a5c96544662485c9b375f151b08056453a6583 100644 (file)
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -593,7 +593,9 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
                php_info_print_table_start();
                php_info_print_table_header(2, "Variable", "Value");
                if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
-                       php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
+                       char *elem_esc = php_info_html_esc(Z_STRVAL_PP(data) TSRMLS_CC);
+                       php_info_print_table_row(2, "PHP_SELF", elem_esc);
+                       efree(elem_esc);
                }
                if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
                        php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
Unnamed repository; edit this file 'description' to name the repository.