View Issue Details

IDProjectCategoryView StatusLast Update
0000305XdebugUncategorizedpublic2011-10-01 13:06
Reporterhoffie Assigned Toderick  
Status resolvedResolutionfixed 
Summary0000305: xdebug exception handler doesn't properly handle special chars

While PHP's default exception handler escapes special chars like <, > and " correctly, xdebug's exception handler doesn't.
Basically this might be classified as XSS, but as xdebug is intended for debugging only I don't think it is that critical (it should still be fixed, of course).

Additional Information

$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi -n | grep MARK
<b>Fatal error</b>: Uncaught exception 'Exception' with message '<MARK>' in /tmp/-:1

$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi | grep MARK
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Exception: <MARK> in /tmp/- on line <i>1</i></th></tr>

TagsNo tags attached.
Operating SystemLinux 2.6
PHP Version5.2-dev



2011-10-01 13:06

administrator   ~0001826

Fixed for Xdebug 2.1.3 and 2.2-dev

Issue History

Date Modified Username Field Change
2007-08-28 13:41 hoffie New Issue
2011-10-01 13:06 derick Note Added: 0001826
2011-10-01 13:06 derick Status new => resolved
2011-10-01 13:06 derick Resolution open => fixed
2011-10-01 13:06 derick Assigned To => derick
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized