View Issue Details

ID: 0000305
Project: Xdebug
Category: Uncategorized
View Status: public
Last Update: 2011-10-01 13:06
Reporter: hoffie
Assigned To: derick
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Summary: 0000305: xdebug exception handler doesn't properly handle special chars
Description

While PHP's default exception handler escapes special chars like <, > and " correctly, xdebug's exception handler doesn't.
Basically this might be classified as XSS, but as xdebug is intended for debugging only I don't think it is that critical (it should still be fixed, of course).

Additional Information

$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi -n | grep MARK
Fatal error: Uncaught exception 'Exception' with message '<MARK>' in /tmp/-:1

$ echo '<?php throw new Exception("<MARK>"); ?>' | php-cgi | grep MARK
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Exception: <MARK> in /tmp/- on line 1</th></tr>

Tags: No tags attached.
Operating System: Linux 2.6
PHP Version: 5.2-dev

Activities

derick (administrator) 2011-10-01 13:06 ~0001826

Fixed for Xdebug 2.1.3 and 2.2-dev
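
The escaping the report asks for, as an added example in C. It is not Xdebug's code and not part of the original issue: the row markup is a simplified stand-in for the output quoted in the report, and `html_escape`, `render_row_raw` and `render_row_escaped` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not Xdebug source; names are hypothetical, row markup simplified. */
static int html_escape(const char *src, char *dst, size_t cap)
{
    size_t used = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;               /* default: copy the byte as-is */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n >= cap) return -1;      /* fail rather than cut an entity short */
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Vulnerable shape: message and file go into the markup verbatim. */
static int render_row_raw(const char *msg, const char *file, int line, char *out, size_t cap)
{
    int n = snprintf(out, cap, "<tr><th align='left'>Exception: %s in %s on line %d</th></tr>",
                     msg, file, line);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened shape: escape every script-controlled value before formatting. */
static int render_row_escaped(const char *msg, const char *file, int line, char *out, size_t cap)
{
    char m[1024], f[512];
    if (html_escape(msg, m, sizeof m) || html_escape(file, f, sizeof f)) return -1;
    return render_row_raw(m, f, line, out, cap);
}

int main(void)
{
    char buf[2048];
    if (render_row_raw("<MARK>", "/tmp/-", 1, buf, sizeof buf) == 0) puts(buf);
    if (render_row_escaped("<MARK>", "/tmp/-", 1, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

Running the reporter's `grep MARK` check against the second row finds only `&lt;MARK&gt;`, which is what PHP's default handler already produces.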

Issue History

Date Modified Username Field Change
2007-08-28 13:41 hoffie New Issue
2011-10-01 13:06 derick Note Added: 0001826
2011-10-01 13:06 derick Status new => resolved
2011-10-01 13:06 derick Resolution open => fixed
2011-10-01 13:06 derick Assigned To => derick
2016-07-31 12:36 derick Category Usage problems => Usage problems (Crashes)
2016-07-31 12:38 derick Category Usage problems (Crashes) => Usage problems (Wrong Results)
2020-03-12 16:35 derick Category Usage problems (Wrong Results) => Variable Display
2020-03-12 16:38 derick Category Variable Display => Uncategorized