GeSHi - Generic Syntax Highlighter Syntax Coloriser for PHP
  

Viewing Issue Simple Details
ID: 0000111
Category: [GeSHi] core
Severity: major
Reproducibility: always
Date Submitted: 02-21-07 09:50
Last Update: 02-22-07 13:35
Reporter: BenBE
View Status: public
Assigned To: BenBE
Priority: urgent
Resolution: fixed
Status: resolved
Product Version: 1.1.1
Summary: 0000111: Possible Heap Overflow by PHP security issue
Description: As reported at http://wush.net/trac/wikka/ticket/427 (follow the links there), PHP has a security vulnerability that may allow attackers to execute arbitrary (machine) code by exploiting a flaw in htmlentities and htmlspecialchars.
Additional Information: Follow the links on the Wikka Tracker Item linked above.
Attached Files

- Relationships

- Notes
(0000513)
nigel
02-21-07 09:51

As per note in #geshi - I would like to see this implemented as GeSHi::hsc() rather than a global function. GeSHi is a library, and as such should not impact on the global namespace where possible.
 
(0000514)
BenBE
02-22-07 13:35

Implemented this fix as said in Note: 0000513 using a static function.
 

- Issue History
Date Modified Username Field Change
02-21-07 09:50 BenBE New Issue
02-21-07 09:50 BenBE Status new => assigned
02-21-07 09:50 BenBE Assigned To  => BenBE
02-21-07 09:51 nigel Note Added: 0000513
02-22-07 13:35 BenBE Status assigned => resolved
02-22-07 13:35 BenBE Fixed in Version  => 1.1.2alpha4
02-22-07 13:35 BenBE Resolution open => fixed
02-22-07 13:35 BenBE Note Added: 0000514

  

