15Eki
Is it safe to put user-controlled strings in a HTTP Location header?
I am thinking of adding URL shortening to my site.
Let’s say my database has already stored url as a plain string, this data was provided by the user and is arbitrary.
So a naive implementation in PHP might look a bit like this
$url = l…
