File php-4.3.9-CVE-2005-3388.patch of Package php4
- upstream fixes for phpinfo() escaping - also ensure that the request_uri is escaped wherever used
--- php-4.3.9/ext/standard/info.c.cve3388
+++ php-4.3.9/ext/standard/info.c
@@ -133,10 +133,21 @@
 PUTS(" => ");
 }
 if (Z_TYPE_PP(tmp) == IS_ARRAY) {
+ zval *tmp3;
+ MAKE_STD_ZVAL(tmp3);
 if (!sapi_module.phpinfo_as_text) {
 PUTS("<pre>");
 }
+ php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
 zend_print_zval_r(*tmp, 0);
+ php_ob_get_buffer(tmp3 TSRMLS_CC);
+ php_end_ob_buffer(0, 0 TSRMLS_CC);
+
+ elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+ PUTS(elem_esc);
+ efree(elem_esc);
+ zval_ptr_dtor(&tmp3);
+
 if (!sapi_module.phpinfo_as_text) {
 PUTS("</pre>");
 }
@@ -196,7 +207,7 @@
 PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
 {
 int new_len;
- return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_NOQUOTES, NULL TSRMLS_CC);
+ return php_escape_html_entities(string, strlen(string), &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
 }
 /* }}} */
@@ -385,6 +396,7 @@
 int expose_php = INI_INT("expose_php");
 time_t the_time;
 struct tm *ta, tmbuf;
+ char *req_uri;
 the_time = time(NULL);
 ta = php_localtime_r(&the_time, &tmbuf);
@@ -395,6 +407,12 @@
 PUTS("phpinfo()\n");
 }
+ if (SG(request_info).request_uri) {
+ req_uri = php_info_html_esc(SG(request_info).request_uri);
+ } else {
+ req_uri = NULL;
+ }
+
 if (flag & PHP_INFO_GENERAL) {
 char *zend_version = get_zend_version();
 char temp_api[9];
@@ -407,8 +425,8 @@
 if (expose_php && !sapi_module.phpinfo_as_text) {
 PUTS("<a href=\"http://www.php.net/\"><img border=\"0\" src=\"");
- if (SG(request_info).request_uri) {
- PUTS(SG(request_info).request_uri);
+ if (req_uri) {
+ PUTS(req_uri);
 }
 {
 PUTS("?="PHP_LOGO_GUID"\" alt=\"PHP Logo\" /></a>");
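Review bot: In the `IS_ARRAY` branch the return values of `php_start_ob_buffer()` and `php_ob_get_buffer()` are ignored, so the new escaping fails open. If the buffer cannot be started, `zend_print_zval_r()` writes the array to the client unescaped, and `Z_STRVAL_P(tmp3)` is then read from a zval that `MAKE_STD_ZVAL` allocated but nothing appears to have filled in. Guard the sequence with `if (php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC) == SUCCESS) {` and `if (php_ob_get_buffer(tmp3 TSRMLS_CC) == SUCCESS) {` before escaping, and skip the dump otherwise. The escape also runs when `sapi_module.phpinfo_as_text` is set, so plain-text output will show HTML entities. The declaration of `elem_esc` and the rest of the function are outside the hunk.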
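Review bot: The switch to `ENT_QUOTES` in `php_info_html_esc()` deserves a comment, because nothing at this line explains why quotes now matter. Suggested, above the `return`: `/* ENT_QUOTES: callers also print the result inside double-quoted attributes (img src, a href); the caller must efree() the returned buffer */`. The function still hands `string` to `strlen()` without a NULL check, so callers have to keep testing the pointer first, as the `request_uri` hunk of this patch does.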
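Review bot: The new call `php_info_html_esc(SG(request_info).request_uri)` omits `TSRMLS_CC`, although the function is declared with `TSRMLS_DC` and the array-branch call in this same patch passes it; a thread-safe (ZTS) build would presumably fail to compile here. It should read `req_uri = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);`. None of the visible hunks frees `req_uri`, so unless that happens in the part of the function outside the patch, add `if (req_uri) { efree(req_uri); }` before the function returns. All three places that print `req_uri` are gated on `expose_php && !sapi_module.phpinfo_as_text`, so the escape could be computed under that same condition instead of on every call.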
@@ -507,8 +525,8 @@
 php_info_print_box_start(0);
 if (expose_php && !sapi_module.phpinfo_as_text) {
 PUTS("<a href=\"http://www.zend.com/\"><img border=\"0\" src=\"");
- if (SG(request_info).request_uri) {
- PUTS(SG(request_info).request_uri);
+ if (req_uri) {
+ PUTS(req_uri);
 }
 PUTS("?="ZEND_LOGO_GUID"\" alt=\"Zend logo\" /></a>\n");
 }
@@ -522,8 +540,8 @@
 if ((flag & PHP_INFO_CREDITS) && expose_php && !sapi_module.phpinfo_as_text) {
 php_info_print_hr();
 PUTS("<h1><a href=\"");
- if (SG(request_info).request_uri) {
- PUTS(SG(request_info).request_uri);
+ if (req_uri) {
+ PUTS(req_uri);
 }
 PUTS("?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000\">");
 PUTS("PHP Credits");