- Clarify utf-7 exploit in drupal_set_header()

4.7.x
Steven Wittens 2006-10-17 04:45:03 +00:00
parent 33821f6907
commit fd13781ee1
1 changed files with 3 additions and 0 deletions


@ -128,6 +128,9 @@ function drupal_clear_path_cache() {
/**
* Set an HTTP response header for the current page.
*
* Note: when sending a Content-Type header, always include a 'charset' type
* too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
*/
function drupal_set_header($header = NULL) {
// We use an array to guarantee there are no leading or trailing delimiters.
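Review bot: The note added to the drupal_set_header() docblock calls charset a 'type', but it is a parameter of the Content-Type value, and the comment shows no example of a correct header. I would reword it to `* Note: when sending a Content-Type header, always include the 'charset' parameter, e.g. 'Content-Type: text/html; charset=utf-8'.` and add one sentence on the reason: without a declared charset, some browsers guess the encoding from the response body and can interpret user-supplied text as UTF-7 markup. The function body continues outside the hunk, so whether drupal_set_header() itself checks for a missing charset is not visible here. If it does not, this docblock is the only guidance callers get and should be as explicit as possible.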