summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Changelog1
-rw-r--r--header.c5
2 files changed, 5 insertions, 1 deletions
diff --git a/Changelog b/Changelog
index a1f6231..6c18103 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,6 @@
12012-01-11 - 0.9.33-dev 12012-01-11 - 0.9.33-dev
2 2
3 - Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
3 - Removed crypt() support - because not used for PHP >= 5.3.0 anyway 4 - Removed crypt() support - because not used for PHP >= 5.3.0 anyway
4 5
52010-07-23 - 0.9.32.1 62010-07-23 - 0.9.32.1
diff --git a/header.c b/header.c
index d2ec518..368e085 100644
--- a/header.c
+++ b/header.c
@@ -240,7 +240,7 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct
240 } 240 }
241#endif 241#endif
242 242
243 if (!SUHOSIN_G(allow_multiheader) && sapi_header && sapi_header->header) { 243 if (sapi_header && sapi_header->header) {
244 244
245 tmp = sapi_header->header; 245 tmp = sapi_header->header;
246 246
@@ -256,6 +256,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct
256 if (!SUHOSIN_G(simulation)) { 256 if (!SUHOSIN_G(simulation)) {
257 sapi_header->header_len = i; 257 sapi_header->header_len = i;
258 } 258 }
259 }
260 if (SUHOSIN_G(allow_multiheader)) {
261 continue;
259 } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || 262 } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) ||
260 (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { 263 (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) {
261 char *fname = get_active_function_name(TSRMLS_C); 264 char *fname = get_active_function_name(TSRMLS_C);