GeSHi Bug Tracker - GeSHi
Viewing Issue Advanced Details
111 core major always 02-21-07 09:50 02-22-07 13:35
BenBE  
BenBE  
urgent  
resolved 1.1.1  
fixed  
none    
none 1.1.2alpha4  
0000111: Possible Heap Overflow by PHP security issue
As reported at http://wush.net/trac/wikka/ticket/427 (follow the links there), PHP has a security vulnerability that may allow attackers to execute arbitrary (machine) code by exploiting a flaw in htmlentities and htmlspecialchars.
No demo provided
Follow the links on the Wikka Tracker Item linked above.

Notes
(0000513)
nigel   
02-21-07 09:51   
As per note in #geshi - I would like to see this implemented as GeSHi::hsc() rather than a global function. GeSHi is a library, and as such should not impact on the global namespace where possible.
(0000514)
BenBE   
02-22-07 13:35   
Implemented this fix as said in Note: 0000513 using a static function.