SECURITY UPDATE - merged from phpxmlrpc dist:

All releases up to and including version 1.0 of XML-RPC for PHP have a
serious security vulnerability, allowing hostile remote clients or
servers to execute arbitrary code on your machine.
Miles Lott 2001-09-25 14:42:43 +00:00
parent c4446115a9
commit 87cd2a48dd


@ -363,18 +363,9 @@
// and say we've found a value
$GLOBALS['_xh'][$parser]['lv']=2;
}
if (isset($GLOBALS['_xh'][$parser]['qt']) && $GLOBALS['_xh'][$parser]['qt'])
{
// quoted string: replace characters that eval would
// do special things with
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
}
else
{
$GLOBALS['_xh'][$parser]['ac'].=$data;
}
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
}
}
@ -387,7 +378,9 @@
$GLOBALS['_xh'][$parser]['qt']=1;
$GLOBALS['_xh'][$parser]['lv']=2;
}
$GLOBALS['_xh'][$parser]['ac'].=$data;
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
}
}
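Review bot: The replacement now applied unconditionally on the `['ac'].=str_replace(...)` lines in both hunks only neutralises `$`, `"` and the backslash, which helps only when the data ends up inside a double-quoted literal. Going by the removed comment, the accumulator is later handed to eval, and when `qt` is not set the text presumably lands outside any quotes, where this escaping constrains nothing. The consumer of `['ac']` is outside these hunks, so confirm that it rejects non-numeric content for the unquoted types, or better, that it builds the value without eval at all. The commit also drops the only comment explaining why the replacement exists; I would keep one above each call, e.g. `// escape $, " and backslash: 'ac' is later evaluated as PHP source`. The nested `str_replace` is also duplicated in two handlers and would be safer as one shared helper, so the copies cannot drift apart.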