GeSHi - Generic Syntax Highlighter Syntax Coloriser for PHP
  

Viewing Issue Advanced Details
ID: 0000111
Category: [GeSHi] core
Severity: major
Reproducibility: always
Date Submitted: 02-21-07 09:50
Last Update: 02-22-07 13:35
Reporter: BenBE
View Status: public
Assigned To: BenBE
Priority: urgent
Resolution: fixed
Platform:
Status: resolved
OS:
Projection: none
OS Version:
ETA: none
Fixed in Version: 1.1.2alpha4
Product Version: 1.1.1
Product Build:
Summary: 0000111: Possible Heap Overflow by PHP security issue
Description: As reported at http://wush.net/trac/wikka/ticket/427 (follow the links there), PHP has a security vulnerability that may allow attackers to execute arbitrary (machine) code by exploiting a flaw in htmlentities and htmlspecialchars.
Steps To Reproduce: No demo provided
Additional Information: Follow the links on the Wikka Tracker Item linked above.
Attached Files

- Relationships

- Notes
(0000513)
nigel
02-21-07 09:51

As per note in #geshi - I would like to see this implemented as GeSHi::hsc() rather than a global function. GeSHi is a library, and as such should not impact on the global namespace where possible.
 
(0000514)
BenBE
02-22-07 13:35

Implemented this fix as said in Note: 0000513 using a static function.
 

- Issue History
Date Modified Username Field Change
02-21-07 09:50 BenBE New Issue
02-21-07 09:50 BenBE Status new => assigned
02-21-07 09:50 BenBE Assigned To  => BenBE
02-21-07 09:51 nigel Note Added: 0000513
02-22-07 13:35 BenBE Status assigned => resolved
02-22-07 13:35 BenBE Fixed in Version  => 1.1.2alpha4
02-22-07 13:35 BenBE Resolution open => fixed
02-22-07 13:35 BenBE Note Added: 0000514

  

