Skip to content
Snippets Groups Projects
Commit 98ca30d2 authored by Andreas Gohr's avatar Andreas Gohr
Browse files

avoid HTTP Response Splitting attacks via redirects #1513 

The header() method of PHP is vulnerable to HTTP Response Splitting
attacks.

This change makes sure the URL passed to send_redirect (and thus to
header()) does not contain any control characters that would be needed
to execute such an attack.

Cleaning input is recommended anyway.
parent 89b96b7a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment