MantisBT

View Issue Details

ID: 0000305
Project: Xdebug
Category: Usage problems (Wrong Results)
View Status: public
Date Submitted: 2007-08-28 14:41
Last Update: 2011-10-01 14:06
Reporter: hoffie
Assigned To: derick
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0000305: xdebug exception handler doesn't properly handle special chars

Description:
While PHP's default exception handler escapes special chars like <, > and " correctly, xdebug's exception handler doesn't.
Basically this might be classified as XSS, but as xdebug is intended for debugging only I don't think it is that critical (it should still be fixed, of course).

Additional Information:
$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi -n | grep MARK
Fatal error: Uncaught exception 'Exception' with message '<MARK>' in /tmp/-:1

$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi | grep MARK
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Exception: <MARK> in /tmp/- on line 1</th></tr>

Tags: No tags attached.
Operating System: Linux 2.6
PHP Version: 5.2-dev
Attached Files:

- Relationships

-  Notes
(0001826)
derick (administrator)
2011-10-01 14:06

Fixed for Xdebug 2.1.3 and 2.2-dev
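
The escaping the report asks for, as an added example in C (not Xdebug's own code and not part of the original report or note): the exception message is HTML-escaped before it is placed in the error row, next to the raw rendering the report shows. The function names, buffer sizes, simplified row markup and sample message are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Write the HTML-escaped form of `in` to `out` (capacity `cap`, NUL included).
 * Returns the escaped length, or -1 if it does not fit (out is then ""). */
static int html_escape(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#039;"; break;
        }
        size_t len = rep ? strlen(rep) : 1;
        if (n + len >= cap) { out[0] = '\0'; return -1; } /* fail closed, never truncate */
        if (rep) memcpy(out + n, rep, len); else out[n] = *in;
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Render a simplified (hypothetical) HTML error row. escape=0 reproduces the
 * reported behaviour (raw message); escape=1 is the hardened form. */
static int render_row(const char *cls, const char *msg, int escape, char *out, size_t cap)
{
    char safe[512];
    if (escape) {
        if (html_escape(msg, safe, sizeof safe) < 0) return -1;
        msg = safe;
    }
    int n = snprintf(out, cap, "<tr><th align='left'>%s: %s</th></tr>", cls, msg);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char row[1024];
    const char *msg = "<MARK> \"q\" & 'a'"; /* constructed sample message */
    if (render_row("Exception", msg, 0, row, sizeof row) >= 0) printf("raw:     %s\n", row);
    if (render_row("Exception", msg, 1, row, sizeof row) >= 0) printf("escaped: %s\n", row);
    return 0;
}
```

The same `grep MARK` check from the report works as a regression test: after escaping, the output should contain `&lt;MARK&gt;` and no literal `<MARK>`.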

- Issue History
Date Modified Username Field Change
2007-08-28 14:41 hoffie New Issue
2011-10-01 14:06 derick Note Added: 0001826
2011-10-01 14:06 derick Status new => resolved
2011-10-01 14:06 derick Resolution open => fixed
2011-10-01 14:06 derick Assigned To => derick
2016-07-31 13:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 13:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)

