Opened 4 years ago
Closed 4 years ago
#218 closed defect (fixed)
[patch] Support for arrays in xcache-admin
| Reported by: | laurentb | Owned by: | moo |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.3.0 |
| Component: | admin | Version: | 1.2.1 |
| Keywords: | | Cc: | |
| Application: | | PHP Version: | |
| Other Exts: | | SAPI: | Irrelevant |
| Probability: | Always | Blocked By: | |
| Blocking: | | | |
Description
XCache supports caching arrays; however, it crashes the web-based admin when you try to view one.
Here is a very simple fix that won't change the display for string variables.
Index: xcache-admin/edit.tpl.php
===================================================================
--- xcache-admin/edit.tpl.php
+++ xcache-admin/edit.tpl.php
@@ -1,7 +1,7 @@
<?php include("header.tpl.php"); ?>
<?php
$h_name = htmlspecialchars($name);
-$h_value = htmlspecialchars($value);
+$h_value = is_string($value) ? htmlspecialchars($value) : htmlspecialchars(var_export($value, true));
?>
<form method="post" action="">
<fieldset>
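Review bot: On the `+$h_value` line, a non-string value is now rendered as `var_export()` text inside a form that posts back (`<form method="post" action="">`), and nothing in this hunk shows how the submitted text is turned back into an array. Viewing an array entry and pressing save could therefore replace it with its string dump, or require the handler to evaluate user-supplied text. Consider making the field read-only for non-string values, or passing the original type along so the handler can reject or safely parse the input. As a style point, the two `htmlspecialchars()` calls can be merged into one call wrapping the ternary: `htmlspecialchars(is_string($value) ? $value : var_export($value, true))`.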
Change History (2)
comment:1 Changed 4 years ago by moo
- Status changed from new to assigned
comment:2 Changed 4 years ago by moo
- Milestone changed from 1.3.1 to 1.3.0
- Resolution set to fixed
- Status changed from assigned to closed
It was fixed in trunk/edit.php, but not merged to 1.3/1.2 yet. This ticket reminds me that when auth is disabled, by disabling it in the ini or by setting the $HTTP variable, either way it will cause the eval() to be injectable, leaving a security hole.