is_a and is_subclass_of). (alan_k)
. Fixed bug #60116 (escapeshellcmd() cannot escape the characters
which cause shell command injection). (rui)
+ . Fixed bug #60227 (header() cannot detect the multi-line header with
+ CR(0x0D)). (rui)
- Oracle Database extension (OCI8):
. Increased maxium Oracle error message buffer length for new 11.2.0.3 size
--- /dev/null
+--TEST--
+Bug #60227 (header() cannot detect the multi-line header with CR)
+--FILE--
+<?php
+header("X-Foo1: a");
+header("X-Foo2: b\n ");
+header("X-Foo3: c\r\n ");
+header("X-Foo4: d\r ");
+header("X-Foo5: e\rSet-Cookie: ID=123");
+echo 'foo';
+?>
+--EXPECTF--
+Warning: Header may not contain more than a single header, new line detected. in %s on line %d
+foo
+--EXPECTHEADERS--
+X-Foo1: a
+X-Foo2: b
+X-Foo3: c
+X-Foo4: d
+
} else {
/* new line safety check */
char *s = header_line, *e = header_line + header_line_len, *p;
- while (s < e && (p = memchr(s, '\n', (e - s)))) {
+ while (s < e && ((p = memchr(s, '\n', (e - s))) || (p = memchr(s, '\r', (e - s))))) {
if (*(p + 1) == ' ' || *(p + 1) == '\t') {
s = p + 1;
continue;
projects / php / commitdiff