Chris@0: 254 Chris@0: ) { Chris@0: continue; Chris@0: } Chris@0: Chris@0: $string .= $value[$i]; Chris@0: } Chris@0: Chris@0: return $string; Chris@0: } Chris@0: Chris@0: /** Chris@0: * Validate a header value. Chris@0: * Chris@0: * Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal Chris@0: * tabs are allowed in values; header continuations MUST consist of Chris@0: * a single CRLF sequence followed by a space or horizontal tab. Chris@0: * Chris@0: * @see http://en.wikipedia.org/wiki/HTTP_response_splitting Chris@0: * @param string $value Chris@0: * @return bool Chris@0: */ Chris@0: public static function isValid($value) Chris@0: { Chris@0: $value = (string) $value; Chris@0: Chris@0: // Look for: Chris@0: // \n not preceded by \r, OR Chris@0: // \r not followed by \n, OR Chris@0: // \r\n not followed by space or horizontal tab; these are all CRLF attacks Chris@0: if (preg_match("#(?:(?:(?