nyx/tests/dynamic_fixtures/header_injection/php/benign.php

<?php
// Phase 08 (Track J.6) — PHP HEADER_INJECTION benign control fixture.
//
// Same shape as `vuln.php` but URL-encodes the value first via
// `urlencode`, so CRLF bytes land as `%0D%0A` and the wire keeps a
// single header.
function run($value) {
    header("Set-Cookie: " . urlencode($value));
}
[pitboss] phase 08: Track J.6 + Track L.6 — `HEADER_INJECTION` corpus + every HTTP framework 2026-05-18 01:08:32 -05:00			`<?php`
			`// Phase 08 (Track J.6) — PHP HEADER_INJECTION benign control fixture.`
			`//`
			// Same shape as `vuln.php` but URL-encodes the value first via
			// `urlencode`, so CRLF bytes land as `%0D%0A` and the wire keeps a
			`// single header.`
			`function run($value) {`
			`header("Set-Cookie: " . urlencode($value));`
			`}`