Prevent HTTP Response Splitting

  1. FAQ
  2. Prevent HTTP Response Splitting

Source:

https://stackoverflow.com/questions/31318151/how-to-prevent-crlf-injection-http-response-splitting-in-php

function prevent_hrs(String $response){
    $response =  normalizer_normalize($response);// http://php.net/manual/en/normalizer.normalize.php
    $cr = '/\%0d/';
    $lf = '/\%0a/';
    $null = '/\%00/';  # prevent potential bypass attempts

    $cr_check = preg_match($cr , $response);
    $lf_check = preg_match($lf , $response);
    $null_check = preg_match($null , $response);    
    if (($cr_check > 0) || ($lf_check > 0) || ($null_check > 0)){
        die('ERROR: CRLF detected');
    }
    return $response;
}
Published with GitBook · Last edit March 16th 2018

results for ""

    No results matching ""