View Issue Details

IDProjectCategoryView StatusLast Update
0000305XdebugUsage problems (Wrong Results)public2011-10-01 13:06
ReporterhoffieAssigned Toderick 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0000305: xdebug exception handler doesn't properly handle special chars
DescriptionWhile PHP's default exception handler escapes special chars like <, > and " correctly, xdebug's exception handler doesn't.
Basically this might be classified as XSS, but as xdebug is intended for debugging only I don't think it is that critical (it should still be fixed, of course).
Additional Information$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi -n | grep MARK
Fatal error: Uncaught exception 'Exception' with message '<MARK>' in /tmp/-:1

$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi | grep MARK
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Exception: <MARK> in /tmp/- on line 1</th></tr>
TagsNo tags attached.
Operating SystemLinux 2.6
PHP Version5.2-dev

Activities

derick

2011-10-01 13:06

administrator   ~0001826

Fixed for Xdebug 2.1.3 and 2.2-dev

Issue History

Date Modified Username Field Change
2007-08-28 13:41 hoffie New Issue
2011-10-01 13:06 derick Note Added: 0001826
2011-10-01 13:06 derick Status new => resolved
2011-10-01 13:06 derick Resolution open => fixed
2011-10-01 13:06 derick Assigned To => derick
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)