forward() should throw Exception if headers were sent
Reported by: mrclay
Owned by:
Severity: minor
Keywords: security, forward, exception
It's good that a couple gatekeepers throw exceptions if forward() returns false, but IMO the throw should occur in forward itself whenever headers were already sent.
I count 50+ usages of forward(); and in very few instances does the code check the return value. Even action_gatekeeper() doesn't. Authors expect--for better or for worse--that calling functions named "forward" or "redirect" will always halt program flow, and very small errors (outputting a newline in a PHP file) could break this contract.
Change History (5)
comment:3 Changed 20 months ago by Cash Costello
- Resolution set to fixed
- Status changed from new to closed
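
The failure mode the ticket describes, as an added example that is not the project's own code: a gatekeeper that ignores the redirect helper's return value lets protected code run once output has started, while a helper that throws always stops the flow. The function and class names (`forward_unchecked`, `forward_strict`, `gatekeeper`, `HeadersAlreadySentException`) are hypothetical stand-ins, and the script is meant to be run from the PHP command line.

```php
<?php
// Added example; all names here are hypothetical stand-ins, not the project's code.

class HeadersAlreadySentException extends RuntimeException {}

/** Behaviour the ticket objects to: returns false once headers are out. */
function forward_unchecked(string $location): bool {
    if (headers_sent()) {
        return false;               // caller keeps running unless it checks this
    }
    header("Location: {$location}");
    exit;
}

/** Behaviour the ticket asks for: fail loudly so program flow always stops. */
function forward_strict(string $location): void {
    // headers_sent() fills in where output started, which helps find the stray byte.
    if (headers_sent($file, $line)) {
        throw new HeadersAlreadySentException(
            "Cannot forward to {$location}: output started at {$file}:{$line}"
        );
    }
    header("Location: {$location}");
    exit;
}

/** Hypothetical gatekeeper: code after it must not run for anonymous users. */
function gatekeeper(bool $logged_in, callable $forward): void {
    if (!$logged_in) {
        $forward('/login');         // return value ignored, as at most call sites
    }
}

// Constructed scenario: an included file has already emitted a stray newline.
echo "\n";
flush();

foreach (['forward_unchecked', 'forward_strict'] as $impl) {
    try {
        gatekeeper(false, $impl);
        echo "{$impl}: protected code reached\n";
    } catch (HeadersAlreadySentException $e) {
        echo "{$impl}: halted ({$e->getMessage()})\n";
    }
}
```

With the unchecked helper the loop reports that the protected code was reached; with the strict helper the exception carries the file and line where output began.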