Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / df33ec2e45356895c5aec0a1ebfc325c2af4f74a^! / . / system / core / Common.php
commitdf33ec2e45356895c5aec0a1ebfc325c2af4f74a[log] [tgz]
authorAndrey Andreev <narf@devilix.net>Mon Mar 20 17:43:58 2017 +0200
committerAndrey Andreev <narf@devilix.net>Mon Mar 20 17:43:58 2017 +0200
treee7b54b276b94264a648b332cab1b5fe0e12d1efa
parent62b655b92667f1e417a4f260a34ff447ddeee2c2 [diff] [blame]
Fix Apache header injection vulnerability in set_status_header()

diff --git a/system/core/Common.php b/system/core/Common.php
index f7bd426..2fd5c58 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php

@@ -562,12 +562,12 @@
 		if (strpos(PHP_SAPI, 'cgi') === 0)
 		{
 			header('Status: '.$code.' '.$text, TRUE);
+			return;
 		}
-		else
-		{
-			$server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
-			header($server_protocol.' '.$code.' '.$text, TRUE, $code);
-		}
+
+		$server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE))
+			? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
+		header($server_protocol.' '.$code.' '.$text, TRUE, $code);
 	}
 }