Fix reflected XSS with symbol parameter #50

longxinH · longxinH · commit ed085523c644 · 2020-11-26T18:07:55.000+08:00
diff --git a/extension/php_xhprof.h b/extension/php_xhprof.h
@@ -39,7 +39,7 @@ extern zend_module_entry xhprof_module_entry;
  */
 
 /* XHProf version                           */
-#define XHPROF_VERSION       "2.2.2-dev"
+#define XHPROF_VERSION       "2.2.3"
 
 #define XHPROF_FUNC_HASH_COUNTERS_SIZE   1024
 
diff --git a/xhprof_lib/utils/xhprof_lib.php b/xhprof_lib/utils/xhprof_lib.php
@@ -909,6 +909,10 @@ function xhprof_param_init($params) {
       $p = implode(',', array_filter(explode(',', $p), 'ctype_xdigit'));
     }
 
+    if ($k == 'symbol') {
+        $p = strip_tags($p);
+    }
+
     // create a global variable using the parameter name.
     $GLOBALS[$k] = $p;
   }

Original file line number	Diff line number	Diff line change
`@@ -909,6 +909,10 @@ function xhprof_param_init($params) {`
`909`	`909`	`$p = implode(',', array_filter(explode(',', $p), 'ctype_xdigit'));`
`910`	`910`	`}`
`911`	`911`
	`912`	`+ if ($k == 'symbol') {`
	`913`	`+ $p = strip_tags($p);`
	`914`	`+ }`
	`915`	`+`
`912`	`916`	`// create a global variable using the parameter name.`
`913`	`917`	`$GLOBALS[$k] = $p;`
`914`	`918`	`}`