On Mon, 11 Oct 2004, Christian Schneider wrote: > I looked through the bug database and the archive of this mailing list > but couldn't find any reference to HTTP Response Splitting. I apoligize > if this has been discussed before :-) > > Basically it means that web applications return unfiltered user-supplied > data in the HTTP header, most commonly when doing a redirect a la > header("Location: $location");
This is the users' problem, not ours. > Any comments? Don't fix things that aren't broken. You always need to check user supplied information. Derick -- Derick Rethans http://derickrethans.nl | http://ez.no | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php