On Fri, 03 Feb 2012 12:06:26 +0100, Stefan Esser <stefan.es...@sektioneins.de> wrote:

[snip]
obviously inside PHP no one cares about reviewing security patches.


Perhaps then you'd want to comment on: http://nebm.ist.utl.pt/~glopes/misc/bug60227.diff , which addresses the NUL byte issue, although now I'm thinking that since we're in the business of validating HTTP headers, we could also forbid the other control characters that are forbidden by the spec (not just LF and CR).

Thank you

--
Gustavo Lopes

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
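
An added example, not part of the original message or of the linked patch: a length-aware header-line check in C that rejects NUL, CR and LF as well as the remaining control characters, while keeping horizontal tab, which the HTTP spec allows as whitespace. The function and enum names are hypothetical and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes: hypothetical names for this example. */
enum hdr_check {
    HDR_OK = 0,
    HDR_HAS_NUL,     /* embedded 0x00: C string APIs would truncate here */
    HDR_HAS_NEWLINE, /* CR or LF: would terminate the header line early */
    HDR_HAS_CTL      /* other control char: 0x01-0x1F except HT, or 0x7F */
};

/*
 * Scan the full buffer by explicit length. A strlen()-based scan stops at
 * the first NUL and never sees what follows it.
 */
enum hdr_check check_header_line(const char *line, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c == '\0') return HDR_HAS_NUL;
        if (c == '\r' || c == '\n') return HDR_HAS_NEWLINE;
        if (c == '\t') continue;              /* HT is permitted whitespace */
        if (c < 0x20 || c == 0x7F) return HDR_HAS_CTL;
    }
    return HDR_OK;                            /* bytes >= 0x80 pass through */
}

int main(void)
{
    /* Constructed samples; sizeof keeps bytes after an embedded NUL. */
    static const char ok[]   = "X-Example: value\twith tab";
    static const char nul[]  = "Location: /a\0\r\nX-Injected: 1";
    static const char bell[] = "X-Example: a\ab";

    printf("ok=%d nul=%d bell=%d\n",
           check_header_line(ok, sizeof(ok) - 1),
           check_header_line(nul, sizeof(nul) - 1),
           check_header_line(bell, sizeof(bell) - 1));
    /* With strlen() as the length, the scan ends before the NUL. */
    printf("nul via strlen=%d\n", check_header_line(nul, strlen(nul)));
    return 0;
}
```

The last call shows why the length has to come from the caller's buffer size: measured with `strlen()`, the same input passes because everything after the NUL is never examined.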
