Improve the fix, thanks to Raphael Geissert
[users/olberger-guest/nusoap.git] / debian / patches / 595248.patch
index 6af3d72..11202fa 100644 (file)
@@ -1,36 +1,68 @@
 diff --git a/lib/class.wsdl.php b/lib/class.wsdl.php
-index f435e54..d3f7034 100644
+index f435e54..81117db 100644
 --- a/lib/class.wsdl.php
 +++ b/lib/class.wsdl.php
-@@ -743,9 +743,11 @@ class wsdl extends nusoap_base {
+@@ -742,13 +742,13 @@ class wsdl extends nusoap_base {
+     function webDescription(){\r
        global $HTTP_SERVER_VARS;\r
  \r
-               if (isset($_SERVER)) {\r
+-              if (isset($_SERVER)) {\r
 -                      $PHP_SELF = $_SERVER['PHP_SELF'];\r
-+                // Avoid XSS injection in PHP_SELF\r
-+                $PHP_SELF = substr($_SERVER['PHP_SELF'], 0, (strlen($_SERVER['PHP_SELF']) - strlen($_SERVER['PATH_INFO'])));\r
-               } elseif (isset($HTTP_SERVER_VARS)) {\r
+-              } elseif (isset($HTTP_SERVER_VARS)) {\r
 -                      $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];\r
-+                // Avoid XSS injection in PHP_SELF\r
-+                $PHP_SELF = substr($HTTP_SERVER_VARS['PHP_SELF'], 0, (strlen($HTTP_SERVER_VARS['PHP_SELF']) - strlen($HTTP_SERVER_VARS['PATH_INFO'])));\r
-               } else {\r
-                       $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");\r
-               }\r
+-              } else {\r
+-                      $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");\r
+-              }\r
++              /* if (isset($_SERVER)) { */\r
++              /*      $PHP_SELF = $_SERVER['PHP_SELF']; */\r
++              /* } elseif (isset($HTTP_SERVER_VARS)) { */\r
++              /*      $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; */\r
++              /* } else { */\r
++              /*      $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available"); */\r
++              /* } */\r
\r
+               $b = '\r
+               <html><head><title>NuSOAP: '.$this->serviceName.'</title>\r
+@@ -829,7 +829,7 @@ class wsdl extends nusoap_base {
+                       <br><br>\r
+                       <div class=title>'.$this->serviceName.'</div>\r
+                       <div class=nav>\r
+-                              <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.\r
++                              <p>View the <a href="?wsdl">WSDL</a> for the service.\r
+                               Click on an operation name to view it&apos;s details.</p>\r
+                               <ul>';\r
+                               foreach($this->getOperations() as $op => $data){\r
 diff --git a/lib/nusoap.php b/lib/nusoap.php
-index a6dd21d..2860730 100644
+index a6dd21d..39175a2 100644
 --- a/lib/nusoap.php
 +++ b/lib/nusoap.php
-@@ -5222,9 +5222,11 @@ class wsdl extends nusoap_base {
+@@ -5221,13 +5221,13 @@ class wsdl extends nusoap_base {
+     function webDescription(){\r
        global $HTTP_SERVER_VARS;\r
  \r
-               if (isset($_SERVER)) {\r
+-              if (isset($_SERVER)) {\r
 -                      $PHP_SELF = $_SERVER['PHP_SELF'];\r
-+                // Avoid XSS injection in PHP_SELF\r
-+                $PHP_SELF = substr($_SERVER['PHP_SELF'], 0, (strlen($_SERVER['PHP_SELF']) - strlen($_SERVER['PATH_INFO'])));\r
-               } elseif (isset($HTTP_SERVER_VARS)) {\r
+-              } elseif (isset($HTTP_SERVER_VARS)) {\r
 -                      $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];\r
-+                // Avoid XSS injection in PHP_SELF\r
-+                $PHP_SELF = substr($HTTP_SERVER_VARS['PHP_SELF'], 0, (strlen($HTTP_SERVER_VARS['PHP_SELF']) - strlen($HTTP_SERVER_VARS['PATH_INFO'])));\r
-               } else {\r
-                       $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");\r
-               }\r
+-              } else {\r
+-                      $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");\r
+-              }\r
++              /* if (isset($_SERVER)) { */\r
++              /*      $PHP_SELF = $_SERVER['PHP_SELF']; */\r
++              /* } elseif (isset($HTTP_SERVER_VARS)) { */\r
++              /*      $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; */\r
++              /* } else { */\r
++              /*      $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available"); */\r
++              /* } */\r
\r
+               $b = '\r
+               <html><head><title>NuSOAP: '.$this->serviceName.'</title>\r
+@@ -5308,7 +5308,7 @@ class wsdl extends nusoap_base {
+                       <br><br>\r
+                       <div class=title>'.$this->serviceName.'</div>\r
+                       <div class=nav>\r
+-                              <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.\r
++                              <p>View the <a href="?wsdl">WSDL</a> for the service.\r
+                               Click on an operation name to view it&apos;s details.</p>\r
+                               <ul>';\r
+                               foreach($this->getOperations() as $op => $data){\r
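Review bot: The patched `webDescription()` in both lib/class.wsdl.php and lib/nusoap.php keeps the old `$PHP_SELF` lookup as a block of `/* ... */` comments, which leaves `global $HTTP_SERVER_VARS;` unused and records no reason for the change. I would delete those lines outright and put one comment above `$b = '`, for example `// WSDL link is relative on purpose: PHP_SELF includes client-supplied PATH_INFO and was echoed unescaped (XSS).`. The function body between the two inner hunks is not visible here, so it is worth confirming that no other use of `$PHP_SELF` remains, since it would now be undefined and the `setError()` path is gone as well. `$this->serviceName` is still concatenated into the title and the `div` without `htmlspecialchars()`; if that value can ever come from outside the service's own configuration, it needs escaping too.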