
Request #2131 PEAR::Pager allows XSS attack
Submitted: 2004-08-16 09:32 UTC
From: sou_sk at nifty dot com
Assigned: quipo
Status: Closed
Package: Pager
PHP Version: 4.3.8
OS: Windows
Roadmaps: (Not assigned)    
 
 [2004-08-16 09:32 UTC] sou_sk at nifty dot com
Description:
------------
Pager has a security problem.
A malicious user can cause an XSS problem through URL queries like this:

http://example.com/pager/example.php?"><s>oooops</s>

I checked this problem with the bundled example.php on the latest CVS version (Common.php,v 1.16).
Adding the code below prevents this problem.

Common.php line:649
$qs = array_map('htmlspecialchars',$qs);
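The reflection described in the report and the effect of the proposed escaping, as an added example that is not part of the original report and is not PEAR::Pager code. The function names, the `pageID` parameter and the way the query string is split are assumptions made for illustration; the syntax targets PHP 7.4 or later.

```php
<?php
// Added example: a simplified stand-in for pager link building.
// All function names and the 'pageID' parameter are hypothetical.

/** Split a raw query string into segments, dropping the pager's own page variable. */
function other_query_segments(string $rawQuery, string $pageVar): array
{
    $segments = [];
    foreach (explode('&', $rawQuery) as $segment) {
        if ($segment === '' || strpos($segment, $pageVar . '=') === 0) {
            continue;
        }
        $segments[] = $segment;
    }
    return $segments;
}

/** Vulnerable: request-controlled text is copied into the href attribute as-is. */
function pager_link_unsafe(string $script, string $rawQuery, int $page): string
{
    $qs = other_query_segments($rawQuery, 'pageID');
    $qs[] = 'pageID=' . $page;
    return '<a href="' . $script . '?' . implode('&amp;', $qs) . '">' . $page . '</a>';
}

/** Hardened: every carried-over segment is HTML-escaped before it reaches the attribute. */
function pager_link_safe(string $script, string $rawQuery, int $page): string
{
    $qs = other_query_segments($rawQuery, 'pageID');
    $qs = array_map(
        static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'),
        $qs
    );
    $qs[] = 'pageID=' . $page;
    $href = htmlspecialchars($script, ENT_QUOTES, 'UTF-8') . '?' . implode('&amp;', $qs);
    return '<a href="' . $href . '">' . $page . '</a>';
}

// Constructed input: the query string from the report's example URL.
$raw = '"><s>oooops</s>';

// Unsafe: the double quote ends the href value early, so <s> is parsed as markup.
echo pager_link_unsafe('/pager/example.php', $raw, 2), "\n";
// Safe: the quote and angle brackets are emitted as entities and stay inside the href value.
echo pager_link_safe('/pager/example.php', $raw, 2), "\n";
```

Escaping whole segments covers both parameter names and values; applying `htmlspecialchars` only to the values of a name-to-value array would leave a payload placed in the parameter name unescaped.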

Comments

 [2004-08-17 14:46 UTC] quipo
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better.