Fix request_uri XSS on phpinfo() page

author Rasmus Lerdorf <rasmus@php.net>

Sun, 8 May 2005 17:24:38 +0000 (17:24 +0000)

committer Rasmus Lerdorf <rasmus@php.net>

Sun, 8 May 2005 17:24:38 +0000 (17:24 +0000)
author Rasmus Lerdorf <rasmus@php.net>
Sun, 8 May 2005 17:24:38 +0000 (17:24 +0000)
committer Rasmus Lerdorf <rasmus@php.net>
Sun, 8 May 2005 17:24:38 +0000 (17:24 +0000)
diff --git a/ext/standard/info.c b/ext/standard/info.c

index c5485e7557badbfdc18edc62c9289f4b6982b04c..bc278b5f30240a9f1f88507672d7d46e581c2a45 100644 (file)
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -406,7 +406,9 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
                 if (expose_php && !sapi_module.phpinfo_as_text) {
                         PUTS("<a href=\"http://www.php.net/\"><img border=\"0\" src=\"");
                         if (SG(request_info).request_uri) {
-                               PUTS(SG(request_info).request_uri);
+                               char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+                               PUTS(elem_esc);
+                               efree(elem_esc);
                         }
                         PUTS("?=");
                         logo_guid = php_logo_guid();
@@ -592,7 +594,9 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
                 if (expose_php && !sapi_module.phpinfo_as_text) {
                         PUTS("<a href=\"http://www.zend.com/\"><img border=\"0\" src=\"");
                         if (SG(request_info).request_uri) {
-                               PUTS(SG(request_info).request_uri);
+                               char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+                               PUTS(elem_esc);
+                               efree(elem_esc);
                         }
                         PUTS("?="ZEND_LOGO_GUID"\" alt=\"Zend logo\" /></a>\n");
                 }
@@ -611,7 +615,9 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
                 php_info_print_hr();
                 PUTS("<h1><a href=\"");
                 if (SG(request_info).request_uri) {
-                       PUTS(SG(request_info).request_uri);
+                       char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+                       PUTS(elem_esc);
+                       efree(elem_esc);
                 }
                 PUTS("?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000\">");
                 PUTS("PHP Credits");
author	Rasmus Lerdorf <rasmus@php.net>
	Sun, 8 May 2005 17:24:38 +0000 (17:24 +0000)
committer	Rasmus Lerdorf <rasmus@php.net>
	Sun, 8 May 2005 17:24:38 +0000 (17:24 +0000)