Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix bug: #10323. Every value outputted is now escaped.

  • Loading branch information...
commit 9d1817ed7f2c27167b62b6873896452824fa8ca0 1 parent f564301
foobar authored
Showing with 31 additions and 24 deletions.
  1. +13 −13 ext/standard/info.c
  2. +18 −11 main/php_ini.c
View
26 ext/standard/info.c
@@ -34,9 +34,6 @@
#include "zend_highlight.h"
-#define PHP_CONF_LONG(directive,value1,value2) \
- php_printf("<TR VALIGN=\"baseline\" BGCOLOR=\"" PHP_CONTENTS_COLOR "\"><TD BGCOLOR=\"" PHP_ENTRY_NAME_COLOR "\">%s<BR></TD><TD>%ld<BR></TD><TD>%ld<BR></TD></TR>\n",directive,value1,value2);
-
#define SECTION(name) PUTS("<H2 align=\"center\">" name "</H2>\n")
PHPAPI extern char *php_ini_opened_path;
@@ -74,7 +71,7 @@ static void php_print_gpcse_array(char *name, uint name_length ELS_DC)
PUTS("[\"");
switch (zend_hash_get_current_key((*data)->value.ht, &string_key, &num_key, 0)) {
case HASH_KEY_IS_STRING:
- PUTS(string_key);
+ zend_html_puts(string_key, strlen(string_key));
break;
case HASH_KEY_IS_LONG:
php_printf("%ld",num_key);
@@ -89,12 +86,12 @@ static void php_print_gpcse_array(char *name, uint name_length ELS_DC)
tmp2 = **tmp;
zval_copy_ctor(&tmp2);
convert_to_string(&tmp2);
- PUTS(tmp2.value.str.val);
+ zend_html_puts(tmp2.value.str.val, tmp2.value.str.len);
zval_dtor(&tmp2);
} else {
- PUTS((*tmp)->value.str.val);
+ zend_html_puts((*tmp)->value.str.val, (*tmp)->value.str.len);
}
- PUTS("</TD></TR>\n");
+ PUTS("&nbsp;</TD></TR>\n");
zend_hash_move_forward((*data)->value.ht);
}
}
@@ -398,15 +395,18 @@ PHPAPI void php_info_print_table_row(int num_cols, ...)
php_printf("<TR VALIGN=\"baseline\" BGCOLOR=\"" PHP_CONTENTS_COLOR "\">");
for (i=0; i<num_cols; i++) {
+ php_printf("<TD %s>%s",
+ (i==0?"BGCOLOR=\"" PHP_ENTRY_NAME_COLOR "\" ":"ALIGN=\"left\""),
+ (i==0?"<B>":""));
+
row_element = va_arg(row_elements, char *);
if (!row_element || !*row_element) {
- row_element = "&nbsp;";
+ php_printf("&nbsp;");
+ } else {
+ zend_html_puts(row_element, strlen(row_element));
}
- php_printf("<TD %s>%s%s%s</td>",
- (i==0?"BGCOLOR=\"" PHP_ENTRY_NAME_COLOR "\" ":"ALIGN=\"left\""),
- (i==0?"<B>":""),
- row_element,
- (i==0?"</B>":""));
+
+ php_printf("%s</td>", (i==0?"</B>":""));
}
php_printf("</TR>\n");
View
29 main/php_ini.c
@@ -1,18 +1,18 @@
/*
+----------------------------------------------------------------------+
- | PHP version 4.0 |
+ | PHP version 4.0 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2001 The PHP Group |
+ | Copyright (c) 1997-2001 The PHP Group |
+----------------------------------------------------------------------+
- | This source file is subject to version 2.02 of the PHP license, |
- | that is bundled with this package in the file LICENSE, and is |
- | available at through the world-wide-web at |
- | http://www.php.net/license/2_02.txt. |
+ | This source file is subject to version 2.02 of the PHP license, |
+ | that is bundled with this package in the file LICENSE, and is |
+ | available at through the world-wide-web at |
+ | http://www.php.net/license/2_02.txt. |
| If you did not receive a copy of the PHP license and are unable to |
- | obtain it through the world-wide-web, please send a note to |
- | license@php.net so we can mail you a copy immediately. |
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
- | Author: Zeev Suraski <zeev@zend.com> |
+ | Author: Zeev Suraski <zeev@zend.com> |
+----------------------------------------------------------------------+
*/
@@ -26,6 +26,7 @@
#include "php_ini.h"
#include "ext/standard/dl.h"
#include "zend_extensions.h"
+#include "zend_highlight.h"
typedef struct _php_extension_lists {
zend_llist engine;
@@ -45,12 +46,13 @@ static void php_ini_displayer_cb(zend_ini_entry *ini_entry, int type)
ini_entry->displayer(ini_entry, type);
} else {
char *display_string;
- uint display_string_length;
+ uint display_string_length, esc_html=0;
if (type==ZEND_INI_DISPLAY_ORIG && ini_entry->modified) {
if (ini_entry->orig_value) {
display_string = ini_entry->orig_value;
display_string_length = ini_entry->orig_value_length;
+ esc_html=1;
} else {
display_string = "<i>no value</i>";
display_string_length = sizeof("<i>no value</i>")-1;
@@ -58,11 +60,16 @@ static void php_ini_displayer_cb(zend_ini_entry *ini_entry, int type)
} else if (ini_entry->value && ini_entry->value[0]) {
display_string = ini_entry->value;
display_string_length = ini_entry->value_length;
+ esc_html=1;
} else {
display_string = "<i>no value</i>";
display_string_length = sizeof("<i>no value</i>")-1;
}
- PHPWRITE(display_string, display_string_length);
+ if(esc_html) {
+ zend_html_puts(display_string, display_string_length);
+ } else {
+ PHPWRITE(display_string, display_string_length);
+ }
}
}
Please sign in to comment.
Something went wrong with that request. Please try again.