summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2017-03-20 16:43:58 +0100
committerAndrey Andreev <narf@devilix.net>2017-03-20 16:43:58 +0100
commitdf33ec2e45356895c5aec0a1ebfc325c2af4f74a (patch)
treee7b54b276b94264a648b332cab1b5fe0e12d1efa /system/core
parent62b655b92667f1e417a4f260a34ff447ddeee2c2 (diff)
Fix Apache header injection vulnerability in set_status_header()
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Common.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index f7bd42600..2fd5c5809 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -562,12 +562,12 @@ if ( ! function_exists('set_status_header'))
if (strpos(PHP_SAPI, 'cgi') === 0)
{
header('Status: '.$code.' '.$text, TRUE);
+ return;
}
- else
- {
- $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
- header($server_protocol.' '.$code.' '.$text, TRUE, $code);
- }
+
+ $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE))
+ ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
+ header($server_protocol.' '.$code.' '.$text, TRUE, $code);
}
}