17 Dec 2012, 6:10 p.m.
On Sun, Dec 16, 2012 at 7:12 PM, canyonknight <canyonknight@gmail.com> wrote:
> This implementation is susceptible to HTTP header injection.

Ok. You mean in the current 'Location:' line without filtering 0x0a and 0x0d?

> Also note the usage of $_SERVER['REQUEST_URI'] had previously been eliminated with commit 630f1cbae8473fb05e5f5af7244eccc60fe93812.

If we can't trust $_SERVER['REQUEST_URI'], then how should we determine the current URL? Using $_SERVER['PATH_INFO'] and $_SERVER['QUERY_STRING']? Or are these also susceptible to manipulation?

Regards,
Marcel
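As an added example that is not part of this thread or the project's code, a PHP redirect helper that treats every $_SERVER value as untrusted: it rejects control bytes (including 0x0a and 0x0d) before the value reaches header('Location: ...'), accepts only a local path, and derives the current path from REQUEST_URI or PATH_INFO + QUERY_STRING only after the same validation. Function names, the fallback policy and the sample $_SERVER array are my assumptions.

```php
<?php
// Added example (not the project's code). Names and policy are assumptions.

// True when $value contains no bytes in the control range, so no CR (0x0d)
// or LF (0x0a) can end the header and start another header or the body.
// PHP >= 5.1.2 refuses such values in header() anyway, but validating first
// keeps the application from silently dropping the redirect.
function header_value_is_clean($value)
{
    return preg_match('/[\x00-\x1f\x7f]/', (string) $value) !== 1;
}

// True when $path is a local absolute path such as "/packages/?K=foo":
// exactly one leading slash (so "//host" or "/\host" cannot be read as a
// scheme-relative URL), no control bytes, and no scheme or host per parse_url().
function is_local_path($path)
{
    $path = (string) $path;
    if (!preg_match('#^/(?![/\\\\])#', $path) || !header_value_is_clean($path)) {
        return false;
    }
    $parts = parse_url($path);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}

// Redirect only to a validated local path; anything else goes to $fallback
// instead of echoing request-controlled input into a response header.
function safe_redirect($path, $fallback = '/')
{
    header('Location: ' . (is_local_path($path) ? $path : $fallback));
    exit;
}

// Current path (plus query string) from $_SERVER without trusting it blindly:
// REQUEST_URI is used only if it validates, then PATH_INFO + QUERY_STRING is
// tried under the same rules, and finally the site root is returned.
function current_local_path(array $server)
{
    $uri = isset($server['REQUEST_URI']) ? $server['REQUEST_URI'] : '';
    if (is_local_path($uri)) {
        return $uri;
    }
    $path = isset($server['PATH_INFO']) ? $server['PATH_INFO'] : '/';
    $qs   = !empty($server['QUERY_STRING']) ? '?' . $server['QUERY_STRING'] : '';
    return is_local_path($path . $qs) ? $path . $qs : '/';
}

// Constructed sample: a REQUEST_URI carrying a raw CRLF is rejected and the
// validated PATH_INFO/QUERY_STRING pair is used instead.
$sample = array('REQUEST_URI' => "/packages/\r\nX-Injected: 1",
                'PATH_INFO' => '/packages/', 'QUERY_STRING' => 'K=foo');
var_dump(current_local_path($sample)); // string(17) "/packages/?K=foo"
```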