1

(1 replies, posted in Programming)

I know that newline characters (e.g. \n, \r, %0d, %0a) need to be stripped off to circumvent HTTP Response Splitting, but what security measure should I consider when redirecting to an user supplied location via PHP's header() function? Is there a white or black list of acceptable or problematic/unsafe URL characters that I should know about?

Also, in the following snippet of code pulled from punBB's redirect() function, what is the purpose of the last condition, i.e. (;[\s]*data[\s]*:)?

$destination_url = preg_replace('/([\r\n])|(%0[ad])|(;[\s]*data[\s]*:)/i', '', $destination_url);

Thanks in advance.