]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5ae1983)
- Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david...
authorFelipe Pena <felipensp@gmail.com>
Tue, 25 Jun 2013 21:00:33 +0000 (18:00 -0300)
committerFelipe Pena <felipensp@gmail.com>
Tue, 25 Jun 2013 21:00:33 +0000 (18:00 -0300)
ext/standard/info.c patch | blob | history

diff --git a/ext/standard/info.c b/ext/standard/info.c
index e171f72b573bfb029114f11ad976fc1da0032948..6bc406feded2c453b36559a733599da449b49b6d 100644 (file)
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC
                        zend_hash_internal_pointer_reset_ex(ht, &pos);
                        while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING)
                        {
-                               php_info_print(key);
+                               if (!sapi_module.phpinfo_as_text) {
+                                       php_info_print_html_esc(key, len-1);
+                               } else {
+                                       php_info_print(key);
+                               }
                                zend_hash_move_forward_ex(ht, &pos);
                                if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) {
                                        php_info_print(", ");
Unnamed repository; edit this file 'description' to name the repository.