Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers

2 files changed, 5 insertions, 1 deletions

diff --git a/Changelog b/Changelog
index a1f6231..6c18103 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,6 @@
 2012-01-11 - 0.9.33-dev
 
+    - Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
     - Removed crypt() support - because not used for PHP >= 5.3.0 anyway
 
 2010-07-23 - 0.9.32.1
diff --git a/header.c b/header.c
index d2ec518..368e085 100644
--- a/header.c
+++ b/header.c
@@ -240,7 +240,7 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct
         }
 #endif
         
-        if (!SUHOSIN_G(allow_multiheader) && sapi_header && sapi_header->header) {
+        if (sapi_header && sapi_header->header) {
         
                 tmp = sapi_header->header;
 
@@ -256,6 +256,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct
                                 if (!SUHOSIN_G(simulation)) {
                                         sapi_header->header_len = i;
                                 }
+                        }
+                        if (SUHOSIN_G(allow_multiheader)) {
+                                continue;
                         } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || 
                            (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) {
                                 char *fname = get_active_function_name(TSRMLS_C);