[TASK] Disallow multi-line HTTP headers 98/44898/3
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 22 Nov 2015 12:09:58 +0000 (13:09 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Sun, 22 Nov 2015 12:58:03 +0000 (13:58 +0100)
commit49ffef2579a7814c75415b31fbce4421849169f8
tree5d8bab84222f2963ee869bd1ca4c1e9426537fb3
parent57a12dd6860292a4260c605eb7fc42481b3523d4
[TASK] Disallow multi-line HTTP headers

PHP removed the support for this deprecated HTTP specification
in recent versions of PHP, thus we should remove these as well.

Besides that, we add an additional check for newlines
in GeneralUtility::locationHeaderUrl() to prevent potential
issues with Internet Explorer.
These lines can be removed once the minimum PHP requirement
are raised.

Releases: master, 6.2
Resolves: #58816
Change-Id: I38d26affd31913b82a972ac90ebf906a45b92e05
Reviewed-on: https://review.typo3.org/44898
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/core/Classes/Http/Message.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Http/MessageTest.php