[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-cvs
Subject:    [PHP-CVS] cvs: php-src /ext/standard info.c
From:       "Ilia Alshanetsky" <iliaa () php ! net>
Date:       2006-03-30 19:16:28
Message-ID: cvsiliaa1143746188 () cvsserver
[Download RAW message or body]

iliaa		Thu Mar 30 19:16:28 2006 UTC

  Modified files:              
    /php-src/ext/standard	info.c 
  Log:
  MFB51: Fixed XSS inside phpinfo() with long inputs.
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261&diff_format=u
                
Index: php-src/ext/standard/info.c
diff -u php-src/ext/standard/info.c:1.260 php-src/ext/standard/info.c:1.261
--- php-src/ext/standard/info.c:1.260	Thu Mar  2 13:12:45 2006
+++ php-src/ext/standard/info.c	Thu Mar 30 19:16:28 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: info.c,v 1.260 2006/03/02 13:12:45 dmitry Exp $ */
+/* $Id: info.c,v 1.261 2006/03/30 19:16:28 iliaa Exp $ */
 
 #include "php.h"
 #include "php_ini.h"
@@ -60,6 +60,21 @@
 
 PHPAPI extern char *php_ini_opened_path;
 PHPAPI extern char *php_ini_scanned_files;
+	
+static int php_info_write_wrapper(const char *str, uint str_length)
+{
+	TSRMLS_FETCH();
+
+	int new_len, written;
+	char *elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, \
ENT_QUOTES, NULL TSRMLS_CC); +
+	written = php_body_write(elem_esc, new_len TSRMLS_CC);
+
+	efree(elem_esc);
+
+	return written;
+}
+
 
 /* {{{ _display_module_info
  */
@@ -137,30 +152,13 @@
 				PUTS(" => ");
 			}
 			if (Z_TYPE_PP(tmp) == IS_ARRAY) {
-				zval *tmp3;
-
-				MAKE_STD_ZVAL(tmp3);
-
 				if (!sapi_module.phpinfo_as_text) {
 					PUTS("<pre>");
-				}
-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
-				
-				zend_print_zval_r(*tmp, 0 TSRMLS_CC);
-				
-				php_ob_get_buffer(tmp3 TSRMLS_CC);
-				php_end_ob_buffer(0, 0 TSRMLS_CC);
-				
-				if (!sapi_module.phpinfo_as_text) {
-					elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
-					PUTS(elem_esc);
-					efree(elem_esc);
+					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0 \
TSRMLS_CC);  PUTS("</pre>");
 				} else {
-					PUTS(Z_STRVAL_P(tmp3));
+					zend_print_zval_r(*tmp, 0 TSRMLS_CC);
 				}
-				zval_ptr_dtor(&tmp3);
-
 			} else if (Z_TYPE_PP(tmp) != IS_STRING) {
 				tmp2 = **tmp;
 				zval_copy_ctor(&tmp2);

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic