Bug #62964 [Com]: Cross-Site Scripting
Edit report at https://bugs.php.net/bug.php?id=62964&edit=1

ID:                 62964
Comment by:         david at nnucomputerwhiz dot com
Reported by:        ymaryshev at ptsecurity dot ru
Summary:            Cross-Site Scripting
Status:             Open
Type:               Bug
Package:            *General Issues
Operating System:   win
PHP Version:        5.4.6
Block user comment: N
Private report:     N

New Comment:

I can't imagine this bug ever causing any real security problems but whenever outputting anything to the browser that could contain html entities they should be encoded. So php_info_print should probably be modified to use htmlentities so if it ever tried to print a '&' or '<' to the browser it will be displayed properly.

Previous Comments:
------------------------------------------------------------------------
[2012-09-01 17:18:40] zyss at mail dot zp dot ua

Unfortunately most of PHP output functions are vulnerable in the same way...

For example, built-in echo function:

    $a = "alert('Positive')";
    echo $a; // echo IS VULNERABLE!!!11oneoneeleven

Seriously, healthy programmer never allows untrusted data (user input) to be passed to stream_filter_register() as well as to other functions. Moreover, phpinfo() should never be exposed.

------------------------------------------------------------------------
[2012-08-29 12:06:08] ymaryshev at ptsecurity dot ru

Description:
------------
An attacker can conduct cross-site scripting attack because of incorrect implementation of php_info_print_stream_hash function in phpinfo in PHP.

Vulnerability exists in /ext/sqlite3/ info.c file. Here is the vulnerable code:

    static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC) /* {{{ */
    {
    ...
        while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING)
        {
            php_info_print(key);
    ...

Test script:
---------------
alert('Positive')","a"); phpinfo(); ?>

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62964&edit=1
Bug #62964 [Com]: Cross-Site Scripting
Edit report at https://bugs.php.net/bug.php?id=62964&edit=1

ID:                 62964
Comment by:         david at nnucomputerwhiz dot com
Reported by:        ymaryshev at ptsecurity dot ru
Summary:            Cross-Site Scripting
Status:             Open
Type:               Bug
Package:            *General Issues
Operating System:   win
PHP Version:        5.4.6
Block user comment: N
Private report:     N

New Comment:

Added patch. It's a really simple change to use php_info_print_html_esc when appropriate. We do the same thing with other functions like php_print_gpcse_array()

Previous Comments:
------------------------------------------------------------------------
[2012-09-14 05:35:31] david at nnucomputerwhiz dot com

I can't imagine this bug ever causing any real security problems but whenever outputting anything to the browser that could contain html entities they should be encoded. So php_info_print should probably be modified to use htmlentities so if it ever tried to print a '&' or '<' to the browser it will be displayed properly.

------------------------------------------------------------------------
[2012-09-01 17:18:40] zyss at mail dot zp dot ua

Unfortunately most of PHP output functions are vulnerable in the same way...

For example, built-in echo function:

    $a = "alert('Positive')";
    echo $a; // echo IS VULNERABLE!!!11oneoneeleven

Seriously, healthy programmer never allows untrusted data (user input) to be passed to stream_filter_register() as well as to other functions. Moreover, phpinfo() should never be exposed.

------------------------------------------------------------------------
[2012-08-29 12:06:08] ymaryshev at ptsecurity dot ru

Description:
------------
An attacker can conduct cross-site scripting attack because of incorrect implementation of php_info_print_stream_hash function in phpinfo in PHP.

Vulnerability exists in /ext/sqlite3/ info.c file. Here is the vulnerable code:

    static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC) /* {{{ */
    {
    ...
        while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING)
        {
            php_info_print(key);
    ...

Test script:
---------------
alert('Positive')","a"); phpinfo(); ?>

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62964&edit=1
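Added illustration for bug #62964 (not code from PHP and not the patch attached to the report): a self-contained C sketch of the difference between printing a registered name raw into an HTML table cell and escaping it first, which is the change the thread proposes. The helper names append_raw, append_html_escaped and render_cell and the sample names are assumptions made up for this example.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helpers, not PHP's own: bounded append into a C string. */
static int append_raw(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst), n = strlen(src);
    if (used + n + 1 > cap) return -1;      /* would overflow: refuse */
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* Append src with the five HTML-significant characters replaced. */
static int append_html_escaped(char *dst, size_t cap, const char *src)
{
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;              /* default: copy unchanged */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#039;"; break;
        }
        if (append_raw(dst, cap, rep) != 0) return -1;
    }
    return 0;
}

/* Table cell listing registered names; escape=0 is the reported raw output, escape=1 the fix. */
static int render_cell(char *out, size_t cap, const char **names, size_t count, int escape)
{
    if (cap == 0) return -1;
    out[0] = '\0';
    if (append_raw(out, cap, "<td class=\"v\">") != 0) return -1;
    for (size_t i = 0; i < count; i++) {
        if (i > 0 && append_raw(out, cap, ", ") != 0) return -1;
        if ((escape ? append_html_escaped : append_raw)(out, cap, names[i]) != 0) return -1;
    }
    return append_raw(out, cap, "</td>");
}

int main(void)
{
    const char *names[] = { "zlib.*", "<b>a&b</b>" };   /* constructed sample names */
    char buf[128];
    if (render_cell(buf, sizeof buf, names, 2, 0) == 0) printf("raw:     %s\n", buf);
    if (render_cell(buf, sizeof buf, names, 2, 1) == 0) printf("escaped: %s\n", buf);
    return 0;
}
```

With escaping on, a name containing markup reaches the browser as text; with it off, the name is parsed as part of the page.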
Bug #62632 [Com]: Incorrect image generated
Edit report at https://bugs.php.net/bug.php?id=62632&edit=1

ID:                 62632
Comment by:         david at nnucomputerwhiz dot com
Reported by:        marc at phpmyadmin dot net
Summary:            Incorrect image generated
Status:             Open
Type:               Bug
Package:            GD related
Operating System:   Linux
PHP Version:        5.4.5
Block user comment: N
Private report:     N

New Comment:

Works for me in php 5.4.4-4 from Debian testing.

Previous Comments:
------------------------------------------------------------------------
[2012-07-22 20:52:10] marc at phpmyadmin dot net

Here is the image I used: http://www.infomarc.info/MarcDelisle-140x185.jpg

------------------------------------------------------------------------
[2012-07-22 19:18:32] a...@php.net

$contents = file_get_contents('marc.jpg');

A link to marc.jpg would be useful.

------------------------------------------------------------------------
[2012-07-22 15:17:53] marc at phpmyadmin dot net

Description:
------------
The test script (master.html calling image.php) works fine with PHP 5.3.13 but fails to produce an image with PHP 5.4.4 or 5.4.5.

'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-libdir=lib64' '--disable-debug' '--enable-calendar' '--with-gd=shared' '--with-freetype-dir' '--with-mysql=shared,mysqlnd' '--with-mysqli=shared,mysqlnd' '--with-regex=php' '--with-png-dir=/usr/lib' '--with-zlib=shared' '--with-iconv=shared' '--enable-ftp' '--with-mcrypt=shared' '--with-bz2=shared' '--enable-zip' '--with-jpeg-dir=/usr/lib' '--enable-mbstring' '--without-sqlite' '--enable-dom' '--enable-json' '--with-pdo-mysql=mysqlnd' '--with-pear' '--enable-bcmath' '--with-curl=shared' '--with-ldap=shared,/usr' '--with-gettext=shared' '--with-snmp=shared' '--enable-soap' '--enable-sockets'

Test script:
---------------
master.html:

image.php:

Expected result:
----------------
A photo is displayed.

Actual result:
--------------
The alt tag of the photo is displayed.

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62632&edit=1
Bug #62785 [Com]: mktime() and strtotime() does not return anything for date '2050-12-31''
Edit report at https://bugs.php.net/bug.php?id=62785&edit=1

ID:                 62785
Comment by:         david at nnucomputerwhiz dot com
Reported by:        d dot sandip59 at gmail dot com
Summary:            mktime() and strtotime() does not return anything for date '2050-12-31''
Status:             Open
Type:               Bug
Package:            Date/time related
Operating System:   Windows XP
PHP Version:        5.4.5
Block user comment: N
Private report:     N

New Comment:

I can confirm that this bug does NOT exist in Debian Linux 64-bit but does exist in Windows XP 32-bit using the 5.4.7 binaries from php.net. Not sure if it's going to be possible to fix since it's probably OS dependent.

Previous Comments:
------------------------------------------------------------------------
[2012-08-09 12:16:06] paj...@php.net

fix category

------------------------------------------------------------------------
[2012-08-09 12:13:27] anon at anon dot anon

https://en.wikipedia.org/wiki/Year_2038_problem

------------------------------------------------------------------------
[2012-08-09 10:00:42] d dot sandip59 at gmail dot com

Description:
------------
I have used this date:

    $exp_date = "2050-12-31 00:00:00";
    $timestamp = strtotime($exp_date);
    echo $timestamp;

But I got no timestamp value for it.

Also, I am using the following code:

    list($year, $month, $date) = explode('-', $exp_date);
    $timestamp = mktime(0,0,0, $month,$date,$year);
    echo $timestamp;

But I also got no timestamp value for it.

Test script:
---------------
I have used this date:

    $exp_date = "2050-12-31 00:00:00";
    $timestamp = strtotime($exp_date);
    echo $timestamp;

    list($year, $month, $date) = explode('-', $exp_date);
    $timestamp = mktime(0,0,0, $month,$date,$year);
    echo $timestamp;

Expected result:
----------------
It should return a timestamp value even after the year 2037. Till the year 2037 it is returning a valid timestamp value, but after that it does not return any timestamp value.

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62785&edit=1