On 03/02/12 23:00, Stas Malyshev wrote:
> Hi!
>
>> As it's a security patch and of small scope, I would consider it for
>> 5.4. Stas, David?
>
> Do we have unit tests for this code? The fix involves changes in header 
> sending so it may have impact on lots of code. Changes like this can be 
> dangerous. I'm thinking maybe we should wait with it until 5.4.1.

PHP_5_4 already contains code banning \n or \r newlines, the one which
could be bypassed by the "\n Header: Foo\r Foo".
Gustavo's patch is fixing it to do what it was meant to do.
I think that any good application relying on header() to send multiple ones
would fail with the incomplete fix, so I see little difference in
compatibility with using the full one.


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
