SECURITY UPDATE - merged from phpxmlrpc dist:

All releases up to and including version 1.0 of XML-RPC for PHP have a
serious security vulnerability, allowing hostile remote clients or
servers to execute arbitrary code on your machine.
Miles Lott 2001-09-25 14:42:43 +00:00
parent c4446115a9
commit 87cd2a48dd


@ -363,18 +363,9 @@
// and say we've found a value // and say we've found a value
$GLOBALS['_xh'][$parser]['lv']=2; $GLOBALS['_xh'][$parser]['lv']=2;
} }
if (isset($GLOBALS['_xh'][$parser]['qt']) && $GLOBALS['_xh'][$parser]['qt']) $GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
{ str_replace('"', '\"',
// quoted string: replace characters that eval would str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
// do special things with
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
}
else
{
$GLOBALS['_xh'][$parser]['ac'].=$data;
}
} }
} }
@ -387,7 +378,9 @@
$GLOBALS['_xh'][$parser]['qt']=1; $GLOBALS['_xh'][$parser]['qt']=1;
$GLOBALS['_xh'][$parser]['lv']=2; $GLOBALS['_xh'][$parser]['lv']=2;
} }
$GLOBALS['_xh'][$parser]['ac'].=$data; $GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
} }
} }
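Review bot: The escaping now applied unconditionally to character data (both hunks in this section) only neutralises `\`, `"` and `$`, so it protects the accumulated `['ac']` text only where that text ends up inside a double-quoted PHP string. The removed comment describes these as characters "that eval would do special things with", so the accumulator presumably still feeds an eval outside these hunks. If so, non-string scalar types (int, double, boolean) should be validated or cast where they are consumed rather than relying on quoting, and longer term the values are better built directly than by generating PHP source. The commit also drops the only comment explaining the replacements; I would keep one at both call sites, e.g. `// escape backslash first, then " and $: 'ac' is later evaluated as a double-quoted string`, once that is confirmed against the consumer. The enclosing function starts and ends outside the hunks.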