From 0b7fbabd80e19dc532e234b4657c86c024e6ca82 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf
Date: Sun, 8 May 2005 17:09:24 +0000
Subject: [PATCH] Let's not XSS ourself at least
---
 ext/standard/info.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ext/standard/info.c b/ext/standard/info.c
index d1664aff2b..23a5c96544 100644
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -593,7 +593,9 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
 php_info_print_table_start();
 php_info_print_table_header(2, "Variable", "Value");
 if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
- php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
+ char *elem_esc = php_info_html_esc(Z_STRVAL_PP(data) TSRMLS_CC);
+ php_info_print_table_row(2, "PHP_SELF", elem_esc);
+ efree(elem_esc);
 }
 if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
 php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
-- 
2.40.0
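Review bot: The escaping is applied only to the PHP_SELF row, while the PHP_AUTH_TYPE row visible at the end of the hunk still passes `Z_STRVAL_PP(data)` straight to `php_info_print_table_row`, so the same unescaped output path remains for that value. Assuming it is also request-derived, it should get the same treatment: `char *elem_esc = php_info_html_esc(Z_STRVAL_PP(data) TSRMLS_CC);`, `php_info_print_table_row(2, "PHP_AUTH_TYPE", elem_esc);`, `efree(elem_esc);`. Both lookups also dereference the symbol-table entry with `Z_STRVAL_PP` without first checking `Z_TYPE_PP(data) == IS_STRING`, so a script that has reassigned the variable to a non-string would have its value read as a string pointer. php_print_info continues past the end of the hunk, so any further rows printed from the symbol table there should be checked for the same two gaps.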