On Mon, 11 Oct 2004, Christian Schneider wrote:

> I looked through the bug database and the archive of this mailing list
> but couldn't find any reference to HTTP Response Splitting. I apoligize
> if this has been discussed before :-)
>
> Basically it means that web applications return unfiltered user-supplied
> data in the HTTP header, most commonly when doing a redirect a la
> header("Location: $location");

This is the users' problem, not ours.

> Any comments?

Don't fix things that aren't broken. You always need to check user
supplied information.

Derick

-- 
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to