SECURITY UPDATE - merged from phpxmlrpc dist:

All releases up to and including version 1.0 of XML-RPC for PHP have a
serious security vulnerability, allowing hostile remote clients or
servers to execute arbitrary code on your machine.
This commit is contained in:
Miles Lott 2001-09-25 14:42:43 +00:00
parent c4446115a9
commit 87cd2a48dd

View File

@ -363,19 +363,10 @@
// and say we've found a value
$GLOBALS['_xh'][$parser]['lv']=2;
}
if (isset($GLOBALS['_xh'][$parser]['qt']) && $GLOBALS['_xh'][$parser]['qt'])
{
// quoted string: replace characters that eval would
// do special things with
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
}
else
{
$GLOBALS['_xh'][$parser]['ac'].=$data;
}
}
}
function xmlrpc_dh($parser, $data)
@ -387,7 +378,9 @@
$GLOBALS['_xh'][$parser]['qt']=1;
$GLOBALS['_xh'][$parser]['lv']=2;
}
$GLOBALS['_xh'][$parser]['ac'].=$data;
$GLOBALS['_xh'][$parser]['ac'].=str_replace('$', '\$',
str_replace('"', '\"',
str_replace(chr(92),$GLOBALS['xmlrpc_backslash'], $data)));
}
}