- Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com

felipensp · felipensp · commit 41b73e4cee9c · 2013-06-25T18:00:33.000-03:00
diff --git a/ext/standard/info.c b/ext/standard/info.c
@@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC
 			zend_hash_internal_pointer_reset_ex(ht, &pos);
 			while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING)
 			{
-				php_info_print(key);
+				if (!sapi_module.phpinfo_as_text) {
+					php_info_print_html_esc(key, len-1);
+				} else {
+					php_info_print(key);
+				}
 				zend_hash_move_forward_ex(ht, &pos);
 				if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) {
 					php_info_print(", ");
