Hi all,
I was trying to reproduce this problem:
http://www.securityfocus.com/archive/1/453432
and I just remembered that PHP itself, since 5.1.2, has a protection for
this:
http://www.php.net/ChangeLog-5.php
Fixed possible header injection by limiting each header to a single
line. (Ilia)
Marc Delisle a écrit :
Hi all,
I was trying to reproduce this problem:
http://www.securityfocus.com/archive/1/453432
and I just remembered that PHP itself, since 5.1.2, has a protection for
this:
http://www.php.net/ChangeLog-5.php
Fixed possible header injection by limiting each header to a
close 404744 4:2.9.1.1-1
tags 404744 -moreinfo +sarge
thanks
Hi Marc,
On Sat, 2007-01-06 at 09:26 -0500, Marc Delisle wrote:
Problem confirmed while testing on PHP 5.1.0. I'll work on a patch this
week-end, it will be included in the soon to be released 2.9.2-rc1.
Thanks for your research!
3 matches
Mail list logo