On Sun, 08 Sep 2002 10:58:24 +0900
Yasuo Ohgaki <[EMAIL PROTECTED]> wrote:
> This obvious security risk is mentioned in bugtraq today.
> 
> IMHO, this is users' fault. They must check values before
> using it. In this specific case, user should use simple regex
> before feeding str to header().
> 
> Any opinion to make this to "won't fix"?

+1

Validating input is users' responsibility. Besides, doing anything about
it would break BC as I've seen several scripts that send 2-3 headers
with one header() call.

Edin

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
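
The check discussed in this thread (validating a value before passing it to header()), as an added example that is not part of the original messages or of PHP itself. The function names, the local-path rule and the sample inputs are assumptions made for illustration:

```php
<?php
// Added example: hypothetical helper names; sample inputs are constructed.

/**
 * Return true when $value can sit on a single header line:
 * no CR, LF or NUL, any of which would end the line early.
 */
function is_single_line_header_value(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

/**
 * Build a "Location: ..." line for a redirect target taken from user input.
 * Returns null instead of a header line when the value is rejected.
 */
function build_location_header(string $target): ?string
{
    if (!is_single_line_header_value($target)) {
        return null;
    }
    // Assumption for this example: only local paths are valid targets.
    // \z anchors at the true end of the string, unlike $ which also
    // matches just before a trailing newline.
    if (preg_match('#^/[A-Za-z0-9/_.\-]*\z#', $target) !== 1) {
        return null;
    }
    return 'Location: ' . $target;
}

// Constructed inputs: an ordinary path, and one carrying an embedded CRLF.
$samples = [
    '/account/home',
    "/account/home\r\nX-Injected: 1",
];

foreach ($samples as $raw) {
    $line = build_location_header($raw);
    if ($line === null) {
        echo 'rejected: ', json_encode($raw), "\n";
        continue;
    }
    // A real script would call header($line) here.
    echo 'would send: ', $line, "\n";
}
```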
