From a74ebcc87a63628f8c4e0ea35a694b8f299c0633 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 30 Nov 2005 15:31:23 +0000
Subject: - More fixes

---
 includes/file.inc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'includes')

diff --git a/includes/file.inc b/includes/file.inc
index dca300079..a1232f1e9 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -456,6 +456,10 @@ function file_transfer($source, $headers) {
   ob_end_clean();
 
   foreach ($headers as $header) {
+    // To prevent HTTP header injection, we delete new lines that are
+    // not followed by a space or a tab.
+    // See http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
+    $header = preg_replace('/\r?\n(?!\t| )/', '', $header);
     header($header);
   }
 
-- 
cgit v1.2.3