From 41b73e4cee9ce68b8b78a00eddd4322b0d48dd06 Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Tue, 25 Jun 2013 18:00:33 -0300 Subject: [PATCH] - Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com --- ext/standard/info.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ext/standard/info.c b/ext/standard/info.c index e171f72b57..6bc406fede 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { - php_info_print(key); + if (!sapi_module.phpinfo_as_text) { + php_info_print_html_esc(key, len-1); + } else { + php_info_print(key); + } zend_hash_move_forward_ex(ht, &pos); if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { php_info_print(", "); -- 2.50.0