NYCPHP Meetup

[csnyder at chxo.com]

Was reading a coding magazine today and came across the "HTTP Response
Splitting" attack, where a malicious user might try to pass newline characters
and HTTP headers into a Location: redirect by using a $_GET var with urlencoded
linebreaks.

PHP ( or maybe it's Apache? ) seems safe from this:

$redirect = "foo\nContent-length: 0\n\nHTTP/1.1 404 Not Found\n";
header( "Location: $redirect" );

The header() call above passes only "Location: foo" to the client, stripping all
the badness out of $redirect.