From: Felipe Pena Date: Tue, 25 Jun 2013 21:00:33 +0000 (-0300) Subject: - Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david... X-Git-Tag: php-5.5.2RC1~24^2~2^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=41b73e4cee9ce68b8b78a00eddd4322b0d48dd06;p=php - Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com --- diff --git a/ext/standard/info.c b/ext/standard/info.c index e171f72b57..6bc406fede 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { - php_info_print(key); + if (!sapi_module.phpinfo_as_text) { + php_info_print_html_esc(key, len-1); + } else { + php_info_print(key); + } zend_hash_move_forward_ex(ht, &pos); if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { php_info_print(", ");