src/aphront/sink/AphrontHTTPSink.php
| final public function writeHeaders(array $headers) { | ||||
| foreach ($headers as $header) { | foreach ($headers as $header) { | ||||
| if (!is_array($header) || count($header) !== 2) { | if (!is_array($header) || count($header) !== 2) { | ||||
| throw new Exception('Malformed header.'); | throw new Exception('Malformed header.'); | ||||
| } | } | ||||
| list($name, $value) = $header; | list($name, $value) = $header; | ||||
| if (strpos($name, ':') !== false) { | if (strpos($name, ':') !== false) { | ||||
| throw new Exception( | throw new Exception( | ||||
| "Declining to emit response with malformed HTTP header name: ". | 'Declining to emit response with malformed HTTP header name: '. | ||||
| $name); | $name); | ||||
| } | } | ||||
| // Attackers may perform an "HTTP response splitting" attack by making | // Attackers may perform an "HTTP response splitting" attack by making | ||||
| // the application emit certain types of headers containing newlines: | // the application emit certain types of headers containing newlines: | ||||
| // | // | ||||
| // http://en.wikipedia.org/wiki/HTTP_response_splitting | // http://en.wikipedia.org/wiki/HTTP_response_splitting | ||||
| // | // | ||||
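Review bot: The exception message on the changed line appends `$name` verbatim, and at this point the name has only been tested for `:`. Any newline check implied by the response-splitting comment would run after this throw, so a rejected name may still carry CR, LF or NUL bytes. If the message reaches a log file or an error page (not visible here), those bytes can break or forge entries. Consider encoding the value before concatenating it, for example `addcslashes($name, "\0..\37\177"));` in place of `$name);`. The body of writeHeaders continues outside the displayed lines, so the later validation could not be reviewed.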