Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.5.1

Request #2131 PEAR::Pager allows XSS attack
Submitted: 2004-08-16 09:32 UTC
From: sou_sk at nifty dot com Assigned: quipo
Status: Closed Package: Pager
PHP Version: 4.3.8 OS: Windows
Roadmaps: (Not assigned)    

 [2004-08-16 09:32 UTC] sou_sk at nifty dot com
Description: ------------ Pager has security problem. Malicious user can cause XSS problem through URL queries like this:"><s>oooops</s> I checked this problem with bundled example.php on CVS latest version (Common.php,v 1.16). Adding code bellow prevent this problem. Common.php line:649 $qs = array_map('htmlspecialchars',$qs);


 [2004-08-17 14:46 UTC] quipo
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on In case this was a website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better.