How to protect PHP application from CRLF attack?

Question

I am using Acunetix to scan my PHP application for security issues. After all scans, I get a medium alert related to CRLF vulnerability. But I don't know how can I fix this issue.
I created a function to remove all possible codes for injections but it does not solve the problem.

function remove_crlf($input) {
    $output = str_replace(array('\r','\n','\r\n','\n\r','%0d','%0a'),null,$input);
    return $output;
}

Do you have any solution?

score 0 · Answer 1 · edited May 23 '17 at 12:08

0

using regex:

$output = preg_replace("/[^\\S ]/", '', $input);

readed in: https://stackoverflow.com/a/21620363/454827

edited May 23 '17 at 12:08

Community

1
1

answered Jul 12 '16 at 06:45

ZiTAL

3,466
8
35
50

How to protect PHP application from CRLF attack?

1 Answers1