From 28458b14dcd342da78de8b93f18a2a475dcc598e Mon Sep 17 00:00:00 2001
From: gggeek
Date: Sun, 18 Dec 2022 21:45:33 +0000
Subject: [PATCH] update docs; bump version nr
---
 NEWS.md | 11 +++++++++++
 debugger/action.php | 4 ++--
 src/PhpXmlRpc.php | 2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/NEWS.md b/NEWS.md
index a6e6ec7b..e1c45eb3 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,3 +1,14 @@
+## XML-RPC for PHP version 4.9.2 - 2022-12-18
+
+* security fix: removed the possibility of an XSS attack in the debugger.
+ Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in
+ the default configuration it is not exposed to requests from the web, the severity of this issue can be considered low.
+
+* improved: the debugger now uses jsxmlrpc lib version 0.6. It loads it from a cdn rather than locally.
+ It also can make use of a 2nd constant to help telling it where the visual-editor form the jsxmlrpc lib is located,
+ in case its path on disk relative to the debugger and its url relative to the web root do not match.
+
+
 ## XML-RPC for PHP version 4.9.1 - 2022-12-12
 
 * fixed: php warnings on php 8.2. This includes preferring usage of mbstring for converting between Latin1 and UTF8
diff --git a/debugger/action.php b/debugger/action.php
index 866be2a3..961a5e20 100644
--- a/debugger/action.php
+++ b/debugger/action.php
@@ -22,7 +22,7 @@ header('Content-Type: text/html; charset=utf-8');
 body {
 border-top: 1px solid gray;
 padding: 1em;
- font-family: Verdana, Arial, Helvetica;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
 font-size: 8pt;
 }
 
@@ -544,7 +544,7 @@ if ($action) {

Changelog