- ensure that the request_uri is escaped wherever used (Joe Orton) --- ext/standard/info.c 2006-08-26 14:58:55.000000000 +0200 +++ ext/standard/info.c.oden 2006-08-26 14:59:45.000000000 +0200 @@ -400,6 +400,7 @@ char **env, *tmp1, *tmp2; char *php_uname; int expose_php = INI_INT("expose_php"); + char *req_uri; time_t the_time; struct tm *ta, tmbuf; @@ -412,6 +413,12 @@ PUTS("phpinfo()\n"); } + if (SG(request_info).request_uri) { + req_uri = php_info_html_esc(SG(request_info).request_uri); + } else { + req_uri = NULL; + } + if (flag & PHP_INFO_GENERAL) { char *zend_version = get_zend_version(); char temp_api[9];