HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: bene <email protected>
Date: 04/13/01

• Next message: kpw <email protected>: "[PHP-DEV] Bug #10324: reproducable seg fault during generic script exec with pgsql and mcrypt"
• Previous message: Zeev Suraski: "Re: [PHP-DEV] Supplied argument is not a valid MySQL result resource"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: bene <email protected>
Operating system: linux 2.4
PHP version: 4.0 Latest CVS (13/04/2001)
PHP Bug Type: *Function Specific
Bug description: 4.05-dev : non-html escaped strings on phpinfo

The PHPinfo() outputs data without running htmlspecialchars()

For example:
http://www.ispep.cx/phpinfo.php?>window.location='http://www.php.net';</script>

Keep up the great work, PHP is great!

-- 
Edit Bug report at: http://bugs.php.net/?id=10323&edit=1
-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: kpw <email protected>: "[PHP-DEV] Bug #10324: reproducable seg fault during generic script exec with pgsql and mcrypt"
• Previous message: Zeev Suraski: "Re: [PHP-DEV] Supplied argument is not a valid MySQL result resource"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]