From b95cca2ca8a3d5a78d33edfb13d72f714eecc351 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 21 Aug 2007 16:32:23 +0000
Subject: [PATCH] Fixed a Header attack
---
 includes/loggedin.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 3f1883b..4b35bda 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -80,6 +80,8 @@
 if($_SESSION['_config']['oldlocation'])
 $_SESSION['_config']['oldlocation'] .= "&";
+ $key = str_replace(array("\n", "\r"), '', $key);
+ $val = str_replace(array("\n", "\r"), '', $val);
 $_SESSION['_config']['oldlocation'] .= "$key=$val";
 }
 $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
@@ -144,6 +146,8 @@
 if($_SESSION['_config']['oldlocation'])
 $_SESSION['_config']['oldlocation'] .= "&";
+ $key = str_replace(array("\n", "\r"), '', $key);
+ $val = str_replace(array("\n", "\r"), '', $val);
 $_SESSION['_config']['oldlocation'] .= "$key=$val";
 }
 $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
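Review bot: Removing only `\n` and `\r` from `$key` and `$val` closes the header-splitting case, but both values are still concatenated unencoded into `oldlocation` on the following line, so a value containing `&`, `=` or `#` can still add or alter parameters in the rebuilt query string. Encoding at the point of concatenation covers both problems, because CR and LF are then percent-encoded instead of silently dropped: `$_SESSION['_config']['oldlocation'] .= urlencode($key)."=".urlencode($val);`. The same two lines are repeated in the second hunk (new line 146), so a small shared helper would keep the two copies from drifting apart. The loop header and the place where `oldlocation` is later emitted are outside both hunks, so the source of `$key`/`$val` and the header they reach are inferred from the commit title. If `$val` can be an array (for example from `a[]=1`), the encoding call needs a guard for that case as well.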