Prevent response header splitting

2026-03-23 23:02:13 +01:00 · 2014-03-12 08:11:21 -07:00
parent d807946a24
commit efc35ac0f0
2 changed files with 2 additions and 2 deletions
--- a/cached.php
+++ b/cached.php
@@ -11,7 +11,7 @@ $abs = $pwd. "/" .(string)$_GET["f"];
 $abs = realpath($abs);

 if (strncmp($abs, $pwd, strlen($pwd)) != 0) {
-    header("Location: http://php.net/" . $_GET["f"]);
+    header("Location: http://php.net/" . strtr($_GET["f"],array("\r"=>"","\n"=>"")));
    exit;
 }

--- a/manual/change.php
+++ b/manual/change.php
@@ -3,7 +3,7 @@
 include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';

 $page = isset($_GET['page']) ? htmlspecialchars($_GET['page'], ENT_QUOTES, 'UTF-8') : '';
+$page = strtr($page, array("\r"=>"","\n"=>""));

 // Redirect to new manual page
 mirror_redirect("/manual/" . $page);
-?>