Diffstat (limited to 'includes/common.inc')
-rw-r--r-- | includes/common.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 4b47f92cb..b003314fa 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -127,6 +127,9 @@ function drupal_clear_path_cache() {

 /**
  * Set an HTTP response header for the current page.
+ *
+ * Note: when sending a Content-Type header, always include a 'charset' type
+ * too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
  */
 function drupal_set_header($header = NULL) {
   // We use an array to guarantee there are no leading or trailing delimiters. |
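Review bot: The added docblock note calls charset a "type", but it is a parameter of the Content-Type value, and the note gives no example of the expected form, so a caller can read it and still send a bare `Content-Type: text/html`. I would word it as `* Note: when sending a Content-Type header, always include a 'charset' parameter, e.g. 'Content-Type: text/html; charset=utf-8'.` and keep the second line about UTF-7 XSS as is. The body of drupal_set_header() continues outside the hunk, so it is not visible whether the function checks for or appends a charset itself; if it does not, the docblock should say that the caller is responsible for it, since a response without a declared charset leaves the encoding to browser sniffing.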