- ensure that the request_uri is escaped wherever used (Joe Orton) --- ext/standard/info.c 2005-08-28 03:03:41.000000000 +0200 +++ ext/standard/info.c.oden 2005-11-23 18:32:01.000000000 +0100 @@ -402,6 +402,7 @@ char **env, *tmp1, *tmp2; char *php_uname; int expose_php = INI_INT("expose_php"); + char *req_uri; if (!sapi_module.phpinfo_as_text) { php_print_info_htmlhead(TSRMLS_C); @@ -409,6 +410,12 @@ PUTS("phpinfo()\n"); } + if (SG(request_info).request_uri) { + req_uri = php_info_html_esc(SG(request_info).request_uri); + } else { + req_uri = NULL; + } + if (flag & PHP_INFO_GENERAL) { char *zend_version = get_zend_version(); char temp_api[10];