SECURITY UPDATE - merged from phpxmlrpc dist:
All releases up to and including version 1.0 of XML-RPC for PHP have a serious security vulnerability, allowing hostile remote clients or servers to execute arbitrary code on your machine.
parent
c4446115a9
commit
87cd2a48dd
@ -363,18 +363,9 @@
|
||||
// and say we've found a value
|
||||
$GLOBALS['_xh'][$parser]['lv']=2;
|
||||
}
|
||||
if (isset($GLOBALS['_xh'][$parser]['qt']) && $GLOBALS['_xh'][$parser]['qt'])
|
||||
{
|
||||
// quoted string: replace characters that eval would
|
||||
// do special things with
|
||||
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
|
||||
str_replace('"', '\"',
|
||||
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
|
||||
}
|
||||
else
|
||||
{
|
||||
$GLOBALS['_xh'][$parser]['ac'].=$data;
|
||||
}
|
||||
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
|
||||
str_replace('"', '\"',
|
||||
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
|
||||
}
|
||||
}
|
||||
|
||||
@ -387,7 +378,9 @@
|
||||
$GLOBALS['_xh'][$parser]['qt']=1;
|
||||
$GLOBALS['_xh'][$parser]['lv']=2;
|
||||
}
|
||||
$GLOBALS['_xh'][$parser]['ac'].=$data;
|
||||
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
|
||||
str_replace('"', '\"',
|
||||
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
|
||||
}
|
||||
}
|
||||
|
||||
|
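Review bot: Escaping `$`, `"` and backslash only neutralises character data that ends up inside a double-quoted PHP string literal, yet the new unconditional `str_replace` chain (first hunk, repeated verbatim in the second) is now also applied where `qt` is not set, where the text is presumably consumed outside quotes. The removed comment indicates the `ac` accumulator is later passed to `eval`; that call is outside the visible hunks, so please confirm every consumer either wraps `ac` in double quotes or casts it to the expected scalar type, and treat this escaping as a stop-gap until the value is built without `eval`. Both copies should keep the reason that was deleted with the old branch, e.g. `// 'ac' is later eval'd: escape backslash first, then " and $`, and would be better as one shared helper so the two sites cannot drift apart. The enclosing function starts and ends outside both hunks.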