diff options
author | Andrey Andreev <narf@devilix.net> | 2017-03-20 16:43:58 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2017-03-20 16:43:58 +0100 |
commit | df33ec2e45356895c5aec0a1ebfc325c2af4f74a (patch) | |
tree | e7b54b276b94264a648b332cab1b5fe0e12d1efa | |
parent | 62b655b92667f1e417a4f260a34ff447ddeee2c2 (diff) |
Fix Apache header injection vulnerability in set_status_header()
-rw-r--r-- | system/core/Common.php | 10 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 3 |
2 files changed, 7 insertions, 6 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index f7bd42600..2fd5c5809 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -562,12 +562,12 @@ if ( ! function_exists('set_status_header')) if (strpos(PHP_SAPI, 'cgi') === 0) { header('Status: '.$code.' '.$text, TRUE); + return; } - else - { - $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1'; - header($server_protocol.' '.$code.' '.$text, TRUE, $code); - } + + $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE)) + ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1'; + header($server_protocol.' '.$code.' '.$text, TRUE, $code); } } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 32f2b81e6..d891b786b 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -9,10 +9,11 @@ Release Date: Not Released - **Security** - - Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``. + - Fixed a header injection vulnerability in :doc:`common function <general/common_functions>` :php:func:`set_status_header()` under Apache (thanks to Guillermo Caminer from `Flowgate <https://flowgate.net/>`_). - Fixed byte-safety issues in :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) when ``mbstring.func_overload`` is enabled. - Fixed byte-safety issues in :doc:`Encryption Library <libraries/encryption>` when ``mbstring.func_overload`` is enabled. - Fixed byte-safety issues in :doc:`compatibility functions <general/compatibility_functions>` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled. + - Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``. - General Changes |