iliaa Mon Dec 5 22:13:53 2005 EDT
Modified files:
/php-src/main main.c
Log:
MFB51: Fixed possible XSS inside error reporting functionality.
http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.654&r2=1.655&ty=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.654 php-src/main/main.c:1.655
--- php-src/main/main.c:1.654 Mon Dec 5 20:04:39 2005
+++ php-src/main/main.c Mon Dec 5 22:13:53 2005
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: main.c,v 1.654 2005/12/06 01:04:39 sniper Exp $ */
+/* $Id: main.c,v 1.655 2005/12/06 03:13:53 iliaa Exp $ */
/* {{{ includes
*/
@@ -551,6 +551,7 @@
int buffer_len = 0;
char *space;
char *class_name = get_active_class_name(&space TSRMLS_CC);
+ int origin_len;
char *function = NULL;
char *origin;
char *message;
@@ -608,6 +609,13 @@
spprintf(&origin, 0, "%s", stage);
}
+ if (PG(html_errors)) {
+ int len;
+ char *replace = php_escape_html_entities(origin, origin_len,
&len, 0, ENT_COMPAT, NULL TSRMLS_CC);
+ efree(origin);
+ origin = replace;
+ }
+
/* origin and buffer available, so lets come up with the error message
*/
if (docref && docref[0] == '#') {
docref_target = strchr(docref, '#');
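Review bot: `origin_len`, passed to php_escape_html_entities in the added block, is never assigned anywhere in this commit: the declaration added in the earlier hunk has no initializer, and the only origin-building call visible here, `spprintf(&origin, 0, "%s", stage);`, discards spprintf's return value. Unless an assignment exists in the lines between the two hunks, the escape runs with an indeterminate length — too small silently truncates the origin, too large over-reads the heap buffer. Capture the length wherever origin is built, e.g. `origin_len = spprintf(&origin, 0, "%s", stage);`, or compute it right before the escape with `origin_len = strlen(origin);`. The enclosing function starts and ends outside this hunk.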
@@ -877,10 +885,17 @@
} else {
char *prepend_string =
INI_STR("error_prepend_string");
char *append_string =
INI_STR("error_append_string");
- char *error_format = PG(html_errors) ?
- "%s<br />\n<b>%s</b>: %s in <b>%s</b>
on line <b>%d</b><br />\n%s"
- : "%s\n%s: %s in %s on line %d\n%s";
- php_printf(error_format,
STR_PRINT(prepend_string), error_type_str, buffer, error_filename,
error_lineno, STR_PRINT(append_string));
+
+ if (PG(html_errors)) {
+ char *buf, *buf2;
+ int len2, len = spprintf(&buf, 0,
"%s<br />\n<b>%s</b>: %s in <b>%s</b> on line <b>%d</b><br />\n%s",
STR_PRINT(prepend_string), error_type_str, buffer, error_filename,
error_lineno, STR_PRINT(append_string));
+ buf2 = php_escape_html_entities(buf,
len, &len2, 0, ENT_COMPAT, NULL TSRMLS_CC);
+ php_printf("%s", buf2);
+ efree(buf);
+ efree(buf2);
+ } else {
+ php_printf("%s\n%s: %s in %s on line
%d\n%s", STR_PRINT(prepend_string), error_type_str, buffer, error_filename,
error_lineno, STR_PRINT(append_string));
+ }
}
}
#if ZEND_DEBUG
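Review bot: The html_errors branch escapes the fully formatted line rather than the untrusted part of it, so the `<br />`/`<b>` markup the same spprintf just emitted, the admin-configured error_prepend_string/error_append_string, and any markup php_verror already built into `buffer` (the docref link, and the origin escaped in the earlier hunk, which now comes out double-escaped as `&amp;lt;`) are all rendered as literal text. Escape only `buffer` (the message, which is where attacker-influenced strings arrive) and format it into the unchanged template, as below; `buffer_len` is presumably set alongside buffer earlier in php_error_cb, outside this hunk — confirm, or use strlen(buffer). Messages that came through php_verror already carry intentional HTML, so if double-escaping those matters, limiting this escape to engine-originated types (E_ERROR/E_PARSE) is one way to keep both paths correct; error_filename can be given the same treatment if user-influenced include paths are a concern. The enclosing function starts and ends outside this hunk.
```c
if (PG(html_errors)) {
	int len;
	/* escape only the message body; the template markup and the admin-supplied
	 * prepend/append strings are intentional HTML and must stay intact */
	char *esc = php_escape_html_entities(buffer, buffer_len, &len, 0, ENT_COMPAT, NULL TSRMLS_CC);
	php_printf("%s<br />\n<b>%s</b>: %s in <b>%s</b> on line <b>%d</b><br />\n%s", STR_PRINT(prepend_string), error_type_str, esc, error_filename, error_lineno, STR_PRINT(append_string));
	efree(esc);
} else {
	/* … unchanged: plain-text php_printf … */
}
```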