
Provide software protections for HTTP response splitting

Authored by epriestley <git@epriestley.com> on Feb 6 2012, 18:59.

Description

Provide software protections for HTTP response splitting

Summary:
This addresses a few things:

  • Provide a software HTTP response splitting guard as an extra layer of security, see http://news.php.net/php.internals/57655 and who knows what HPHP/i does.
  • Cleans up webroot/index.php a little bit, I want to get that file under control eventually.
  • Eventually I want to collect bytes in/out metrics and this allows us to do that easily.
  • We may eventually want to write to a socket or do something else like that, ala Litespawn.

Test Plan:

  • Ran unit tests.
  • Browsed around, checked headers and HTTP status codes.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1564

Details

Committed
epriestley <git@epriestley.com> on Feb 6 2012, 18:59
Pushed
aubort on Jan 31 2017, 17:16
Parents
rPHbe424bf381a5: Utilize hsprintf() in OAuth
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHe8a7d8a905de: Provide software protections for HTTP response splitting (authored by epriestley <git@epriestley.com>) on Feb 6 2012, 18:59.
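
A guard of the kind the commit summary describes, as an added example that is not the code from this commit: the class `ExampleHTTPSink` and its method names are hypothetical, and the sample header value is constructed. It sends all headers and body bytes through one object, refuses header values containing CR, LF or NUL, and counts the bytes written.

```php
<?php
// Added example: hypothetical class, not Phabricator's own sink.
final class ExampleHTTPSink {
  private $headers = array();
  private $bytesOut = 0;

  // Validate before queueing, so nothing unchecked ever reaches header().
  public function addHeader($name, $value) {
    $value = (string)$value;
    if (!preg_match('/^[A-Za-z0-9!#$%&\'*+.^_`|~-]+$/D', $name)) {
      throw new InvalidArgumentException('Invalid HTTP header name.');
    }
    if (preg_match('/[\r\n\0]/', $value)) {
      throw new InvalidArgumentException(
        "Refusing header '{$name}': value contains CR, LF or NUL.");
    }
    $this->headers[] = array($name, $value);
    return $this;
  }

  public function writeResponse($status, $body) {
    http_response_code((int)$status);
    foreach ($this->headers as $header) {
      list($name, $value) = $header;
      header("{$name}: {$value}", false); // false: append, do not replace
    }
    $this->bytesOut += strlen($body); // single place to meter bytes out
    echo $body;
  }

  public function getBytesOut() {
    return $this->bytesOut;
  }
}

// Constructed input: a redirect target carrying an injected header line.
$sink = new ExampleHTTPSink();
try {
  $sink->addHeader('Location', "/home\r\nSet-Cookie: session=injected");
  $sink->writeResponse(302, '');
} catch (InvalidArgumentException $ex) {
  error_log($ex->getMessage());
  $sink->addHeader('Content-Type', 'text/plain');
  $sink->writeResponse(400, "Bad Request\n");
}
```

Throwing instead of stripping the CR/LF makes the rejected input visible in logs, and the guard only holds if application code never calls `header()` directly.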