Marc Delisle a écrit :
Hi all,
I was trying to reproduce this problem:
http://www.securityfocus.com/archive/1/453432
and I just remembered that PHP itself, since 5.1.2, has a protection for
this:
http://www.php.net/ChangeLog-5.php
"Fixed possible header injection by limiting each header to a single
line. (Ilia)"
This is probably why I can't reproduce but from now on, I'll try with an
older PHP.
Marc
Problem confirmed while testing on PHP 5.1.0. I'll work on a patch this
week-end, it will be included in the soon to be released 2.9.2-rc1.
Marc
