gentoo-overlay/dev-php/jpgraph/files/cve-2009-4422.patch


diff -ur jpgraph-3.0.7.orig/src/jpgraph.php jpgraph-3.0.7/src/jpgraph.php
--- jpgraph-3.0.7.orig/src/jpgraph.php 1970-01-01 10:13:08.000000000 +0100
+++ jpgraph-3.0.7/src/jpgraph.php 2012-06-11 14:55:18.557995018 +0200
@@ -1286,11 +1286,11 @@
while( list($key,$value) = each($_GET) ) {
if( is_array($value) ) {
foreach ( $value as $k => $v ) {
- $urlarg .= '&'.$key.'%5B'.$k.'%5D='.urlencode($v);
+ $urlarg .= '&'.urlencode($key).'%5B'.$k.'%5D='.urlencode($v);
}
}
else {
- $urlarg .= '&'.$key.'='.urlencode($value);
+ $urlarg .= '&'.urlencode($key).'='.urlencode($value);
}
}
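Review bot: The inner array key `$k` is still concatenated raw between `%5B` and `%5D` on the added array-branch line, so a request-controlled sub-key bypasses the encoding this patch adds for `$key`. Encode it as well: `$urlarg .= '&'.urlencode($key).'%5B'.urlencode($k).'%5D='.urlencode($v);`. The same gap is present on the array-branch line of the `$_POST` hunk below. Separately, `urlencode($v)` assumes `$v` is a scalar, so a nested array parameter would reach it as an array and should be skipped or handled explicitly. The enclosing function starts and ends outside this hunk, so where `$urlarg` is finally emitted cannot be confirmed from here.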
@@ -1301,11 +1301,11 @@
while( list($key,$value) = each($_POST) ) {
if( is_array($value) ) {
foreach ( $value as $k => $v ) {
- $urlarg .= '&'.$key.'%5B'.$k.'%5D='.urlencode($v);
+ $urlarg .= '&'.htmlentities($key).'%5B'.$k.'%5D='.htmlentities($v);
}
}
else {
- $urlarg .= '&'.$key.'='.urlencode($value);
+ $urlarg .= '&'.htmlentities($key).'='.htmlentities($value);
}
}
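Review bot: The `$_POST` loop switches to `htmlentities()` where the `$_GET` loop uses `urlencode()`, and that is the wrong encoder for a query-string fragment. `=`, `#`, `%` and spaces pass through unchanged, `&` becomes `&amp;`, which decodes back to a parameter separator once the URL sits in an HTML attribute, and with the default flags before PHP 8.1 single quotes are not escaped at all. Build the fragment as in the GET loop, `$urlarg .= '&'.urlencode($key).'='.urlencode($value);`, and do the same in the array branch. Then apply `htmlspecialchars($urlarg, ENT_QUOTES)` once where the URL is written into markup; that sink is outside this hunk, so its location needs confirming.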