[TASK] Disallow multi-line HTTP headers
PHP removed the support for this deprecated HTTP specification in recent versions of PHP, thus we should remove these as well. Besides that, we add an additional check for newlines in GeneralUtility::locationHeaderUrl() to prevent potential issues with Internet Explorer. These lines can be removed once the minimum PHP requirement are raised. Releases: master, 6.2 Resolves: #58816 Change-Id: I38d26affd31913b82a972ac90ebf906a45b92e05 Reviewed-on: https://review.typo3.org/44898 Reviewed-by:Markus Klein <markus.klein@typo3.org> Tested-by:
Wouter Wolters <typo3@wouterwolters.nl> Tested-by:
Showing
- typo3/sysext/core/Classes/Http/Message.php 2 additions, 5 deletionstypo3/sysext/core/Classes/Http/Message.php
- typo3/sysext/core/Classes/Utility/GeneralUtility.php 5 additions, 0 deletionstypo3/sysext/core/Classes/Utility/GeneralUtility.php
- typo3/sysext/core/Tests/Unit/Http/MessageTest.php 2 additions, 17 deletionstypo3/sysext/core/Tests/Unit/Http/MessageTest.php
Please register or sign in to comment