On Mon, 11 Oct 2004, Christian Schneider wrote:
> I looked through the bug database and the archive of this mailing list
> but couldn't find any reference to HTTP Response Splitting. I apologize
> if this has been discussed before :-)
>
> Basically it means that web applications return unfiltered user-supplied
> data in the HTTP header, most commonly when doing a redirect a la
> header("Location: $location");
This is the users' problem, not ours.
> Any comments?
Don't fix things that aren't broken. You always need to check user
supplied information.
Derick
--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
--
PHP Internals - PHP Runtime Development Mailing List
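An added example, not part of the original thread and not PHP project code: checking a user-supplied redirect target in application code before it reaches `header("Location: ...")`. The function name `safe_redirect_target`, the allow-listed host and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate a redirect target before passing it to header().
// safe_redirect_target() and the allow-list are hypothetical names.
// header() itself refuses values containing a newline in PHP 5.1.2 and later;
// validating in the application also covers older runtimes and other sinks.
function safe_redirect_target(string $location, array $allowedHosts): ?string
{
    // CR or LF would terminate the Location header, so whatever follows
    // would be parsed as additional headers. Refuse all control characters.
    if (preg_match('/[\x00-\x1F\x7F]/', $location)) {
        return null;
    }
    // Same-site relative path: one leading slash, not "//host" or "/\host".
    if (preg_match('#^/(?![/\\\\])#', $location)) {
        return $location;
    }
    // Absolute URL: require http(s) and a host on the allow-list.
    $parts = parse_url($location);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    $host   = strtolower($parts['host']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return in_array($host, $allowedHosts, true) ? $location : null;
}

// Constructed sample inputs, as they might arrive in $_GET['location'].
$samples = [
    '/account/settings',
    'https://www.example.com/welcome',
    "/index.php\r\nX-Injected: 1",      // header injection attempt
    'https://other.example.net/',        // host not on the allow-list
    '//other.example.net/',              // scheme-relative URL
];
foreach ($samples as $s) {
    $target = safe_redirect_target($s, ['www.example.com']);
    printf("%-40s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        $target === null ? 'REFUSED' : 'ok');
}
// In a request handler: send header('Location: ' . $target) only when
// $target is not null, otherwise answer with a 400 response.
```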