Home/ Questions/Q 8207483
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T09:00:38+00:00

I sometimes use user data in php function header like this : header(‘Location :

  • 0

I sometimes use user data in php function header like this :

header('Location : test' . $user_data);

I used to remove \n and \r to prevent header injection but is there any other new lines characters ? I wrote Location in my example, but it can be something else, I know I have to validate and sanitize URL, my question is about new lines in header.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Quoting the doc:

    (since 4.4.2 and 5.1.2) This function now prevents more than one
    header to be sent at once as a protection against header injection
    attacks.

    So I suppose even that CRLF replacement you’ve already did is not necessary.

    • 0