Opened 6 years ago

Closed 5 years ago

#218 closed defect (fixed)

[patch] Support for arrays in xcache-admin

Reported by: laurentb Owned by: moo
Priority: minor Milestone: 1.3.0
Component: admin Version: 1.2.1
Keywords: Cc:
Application: PHP Version:
Other Exts: SAPI: Irrelevant
Probability: Always Blocked By:
Blocking:

Description

XCache supports caching arrays, however it crashes the web-based admin when you try to view one.

Here is a very simple fix that won't change the display for string variables.

Index: xcache-admin/edit.tpl.php
===================================================================
--- xcache-admin/edit.tpl.php
+++ xcache-admin/edit.tpl.php
@@ -1,7 +1,7 @@
 <?php include("header.tpl.php"); ?>
 <?php
 $h_name = htmlspecialchars($name);
-$h_value = htmlspecialchars($value);
+$h_value = is_string($value) ? htmlspecialchars($value) : htmlspecialchars(var_export($value, true));
 ?>
 <form method="post" action="">
 	<fieldset>

Change History (2)

comment:1 Changed 6 years ago by moo

  • Status changed from new to assigned

it was fixed in trunk/edit.php, but not merged to 1.3/1.2 yet. this ticket remind me that when auth is disabled, by disabling in ini or setting $HTTP variable, either way, will cause the eval() be injectable, leaving as a security hole.

comment:2 Changed 5 years ago by moo

  • Milestone changed from 1.3.1 to 1.3.0
  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.