Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13272
Return-Path: <sascha@schumann.cx>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 26331 invoked by uid 1010); 12 Oct 2004 05:40:41 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 26284 invoked from network); 12 Oct 2004 05:40:40 -0000
Received: from unknown (HELO chatserv.de) (217.160.175.43)
  by pb1.pair.com with SMTP; 12 Oct 2004 05:40:40 -0000
Received: from lx.foo (chatserv [217.160.175.43])
	by chatserv.de (Postfix) with ESMTP id E1D8711009C;
	Tue, 12 Oct 2004 07:40:39 +0200 (CEST)
Date: Tue, 12 Oct 2004 07:40:38 +0200 (CEST)
X-X-Sender: sas@lx
To: Andi Gutmans <andi@zend.com>
Cc: Christian Schneider <cschneid@cschneid.com>,
	internals@lists.php.net
In-Reply-To: <5.1.0.14.2.20041011152226.043e7ec0@localhost>
Message-ID: <Pine.LNX.4.60.0410120732170.9211@lx>
References: <20041011100001.94254.qmail@pb1.pair.com> <20041011100001.94254.qmail@pb1.pair.com>
 <5.1.0.14.2.20041011152226.043e7ec0@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [PHP-DEV] HTTP Response Splitting
From: sascha@schumann.cx (Sascha Schumann)

On Mon, 11 Oct 2004, Andi Gutmans wrote:

> I think you are right. The only problem I can see is that people added more
> than one header with a header() call and it actually having worked under some
> SAPIs. My guess is that this has happened quite often and it might break quite
> a few apps.

    In contrast to other bad programming habbits, I have not seen
    this in actual code anywhere so far.

    Are there any examples of real applications doing this?  
    
    We could start emitting a warning by default:
    
    cleanup_header = false
    cleanup_header_warning = true

    And later change the default of cleanup_header to true.
    
    - Sascha