Don't allow header injection.

This commit is contained in:
Jason A. Donenfeld 2011-11-16 01:11:28 -05:00
parent 34dd265f6a
commit 6f11e0526e

View File

@ -15,7 +15,7 @@ function cachePath($path) {
return $path; return $path;
} }
$url = $_SERVER["SCRIPT_URL"]; $url = str_replace("\b", "", str_replace("\r", "", str_replace("\n", "", $_SERVER["SCRIPT_URL"])));
if ($url[strlen($url) - 1] == '/') if ($url[strlen($url) - 1] == '/')
$url = substr($url, 0, strlen($url) - 1); $url = substr($url, 0, strlen($url) - 1);