Correct XSS injection in check_system.php.

2025-07-30 21:20:11 +02:00 · 2016-08-31 15:26:14 +02:00
parent f0ab9479d6
commit 401478c839
2 changed files with 3 additions and 2 deletions
--- a/REVISION.md
+++ b/REVISION.md
@@ -5,9 +5,10 @@ Revision history
 [![Build Status](https://scrutinizer-ci.com/g/mosbth/cimage/badges/build.png?b=master)](https://scrutinizer-ci.com/g/mosbth/cimage/build-status/master)


-v0.7.19* (2016-08-11)
+v0.7.19* (2016-08-31)
 -------------------------------------

+* Correct XSS injection in `check_system.php`.
 * Composer suggests ext-imagick and ext-curl.


--- a/webroot/check_system.php
+++ b/webroot/check_system.php
@@ -2,7 +2,7 @@

 echo 'Current PHP version: ' . phpversion() . '<br><br>';

-echo 'Running on: ' . $_SERVER['SERVER_SOFTWARE'] . '<br><br>';
+echo 'Running on: ' . htmlentities($_SERVER['SERVER_SOFTWARE']) . '<br><br>';

 $no = extension_loaded('exif') ? null : 'NOT';
 echo "Extension exif is $no loaded.<br>";