php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56533 User details are overescaped
Submitted: 2005-09-08 12:52 UTC Modified: 2006-10-30 22:37 UTC
From: techtonik@php.net Assigned: cellog (profile)
Status: Closed Package: PECL website (PECL)
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2005-09-08 12:52 UTC] techtonik@php.net
Description:
------------
Recent patch to http://cvs.php.net/pearweb/public_html/account-edit.php
invokes htmlspecialchars on entered text, but this script http://cvs.php.net/pearweb/public_html/account-info.php also uses htmlspecialchars to output user info. 

The patch is trivial, but it requires somebody with DB and pearweb access to find and convert all non-htmlspecialcharsed descriptions first.



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-08 19:37 UTC] pierre dot php at gmail dot com
Will do that in the next early "morning"
 [2006-10-30 22:37 UTC] cellog@php.net
This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

database has been fixed as well
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 22:01:27 2024 UTC