dev-lang/php/files/4.3.11/php4.3.11-phpinfo_xss.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

--- ext/standard/info.c	2004-06-09 17:10:19.000000000 +0200
+++ ext/standard/info.c	2005-11-01 01:22:42.000000000 +0100
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: info.c,v 1.218.2.16 2004/06/09 15:10:19 iliaa Exp $ */
+/* $Id: info.c,v 1.218.2.18.2.4 2005/08/16 00:26:02 iliaa Exp $ */
 
 #include "php.h"
 #include "php_ini.h"
@@ -133,10 +133,21 @@
 				PUTS(" => ");
 			}
 			if (Z_TYPE_PP(tmp) == IS_ARRAY) {
+				zval *tmp3;
+				MAKE_STD_ZVAL(tmp3);
 				if (!sapi_module.phpinfo_as_text) {
 					PUTS("<pre>");
 				}
+				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
 				zend_print_zval_r(*tmp, 0);
+				php_ob_get_buffer(tmp3 TSRMLS_CC);
+				php_end_ob_buffer(0, 0 TSRMLS_CC);
+				
+				elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+				PUTS(elem_esc);
+				efree(elem_esc);
+				zval_ptr_dtor(&tmp3);
+
 				if (!sapi_module.phpinfo_as_text) {
 					PUTS("</pre>");
 				}
@@ -196,7 +207,7 @@
 PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
 {
 	int new_len;
-	return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_NOQUOTES, NULL TSRMLS_CC);
+	return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
 }
 /* }}} */
 
@@ -408,7 +419,9 @@
 		if (expose_php && !sapi_module.phpinfo_as_text) {
 			PUTS("<a href=\"http://www.php.net/\"><img border=\"0\" src=\"");
 			if (SG(request_info).request_uri) {
-				PUTS(SG(request_info).request_uri);
+				char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+				PUTS(elem_esc);
+				efree(elem_esc);
 			}
 			if ((ta->tm_mon==3) && (ta->tm_mday==1)) {
 				PUTS("?="PHP_EGG_LOGO_GUID"\" alt=\"Nadia!\" /></a>");
@@ -510,7 +529,9 @@
 		if (expose_php && !sapi_module.phpinfo_as_text) {
 			PUTS("<a href=\"http://www.zend.com/\"><img border=\"0\" src=\"");
 			if (SG(request_info).request_uri) {
-				PUTS(SG(request_info).request_uri);
+				char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+				PUTS(elem_esc);
+				efree(elem_esc);
 			}
 			PUTS("?="ZEND_LOGO_GUID"\" alt=\"Zend logo\" /></a>\n");
 		}
@@ -525,7 +546,9 @@
 		php_info_print_hr();
 		PUTS("<h1><a href=\"");
 		if (SG(request_info).request_uri) {
-			PUTS(SG(request_info).request_uri);
+			char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
+			PUTS(elem_esc);
+			efree(elem_esc);
 		}
 		PUTS("?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000\">");
 		PUTS("PHP Credits");