[TASK] Remove security fix for older PHP versions 11/46911/3
authorAlexander Opitz <opitz.alexander@googlemail.com>
Fri, 26 Feb 2016 14:44:40 +0000 (15:44 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Fri, 26 Feb 2016 15:07:25 +0000 (16:07 +0100)
As we are only supporting PHP 7.0, we can remove the security check
for older PHP versions. The header() function do not support multi
line headers any more.

Resolves: #73700
Related: #58816
Releases: master
Change-Id: I0f3e8f013111fc062058428388749f9f6450ff48
Reviewed-on: https://review.typo3.org/46911
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Utility/GeneralUtility.php

index 7c5600b..8838265 100755 (executable)
@@ -2807,7 +2807,6 @@ class GeneralUtility
      *
      * @param string $path URL / path to prepend full URL addressing to.
      * @return string
-     * @throws \InvalidArgumentException
      */
     public static function locationHeaderUrl($path)
     {
@@ -2819,10 +2818,6 @@ class GeneralUtility
             // No scheme either
             $path = self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
         }
-        // Can be removed once minimum PHP requirement is at least 5.5.22 or 5.6.6
-        if (strpbrk($path, "\r\n") !== false) {
-            throw new \InvalidArgumentException('HTTP header injection attempt in "' . $path . '"', 1448194036);
-        }
         return $path;
     }