mirror of
https://github.com/elicpeter/nyx.git
<?php
// Unsafe: $_GET['lang'] is concatenated, unvalidated, into a `header()`
// value. The bare `header` matcher (exact-match sigil) fires on the call.
// Tainted input with no `\r\n` stripping permits response splitting.
$lang = $_GET['lang'];
header("X-Lang: " . $lang);
// Caveat: current PHP runtimes refuse a header() argument that contains CR
// or LF (a warning is raised and the header is not sent), so whether a
// response can actually be split depends on the runtime in use. The value
// is still attacker-chosen, so the finding stands either way.
// Remediation: validate at the boundary, e.g. accept only values from a
// fixed allow-list of language codes before the value reaches header().