Forum OpenACS Development: Re: Header Injection

7: Re: Header Injection (response to 6)
Posted by Gustaf Neumann on
actually, my reply was not fully correct: NaviServer sanitizes all header fields since September 2013 (first i thought, i've missed this case, but it is covered as well).

however, the "double-fix" in OpenACS fixes the ad_returnredirect case for older versions of NaviServer and AolServer as well.