The 360 website security scanner tells the truth: some of the problems it reports are not easy to detect, but in some cases they still have to be fixed. Here, the 360 website security scan reported an HTTP Response Splitting vulnerability.

Description: the HTTP Response Splitting vulnerability is also known as CRLF Injection. CR and LF are the carriage return and line feed characters respectively. An HTTP header consists of multiple lines separated by the CRLF sequence, and each line has the structure "key: value". If a value supplied by the user contains injected CRLF characters, it may change the structure of the HTTP header. HTTP response splitting is a new application attack technique that makes possible various new attacks such as web cache poisoning, cross-user defacement, hijacking of users' sensitive information, and cross-site scripting (XSS).

Hazard: attackers may inject custom HTTP headers. For example, attackers can inject session cookies or HTML code. This may lead to vulnerabilities similar to XSS (cross-site scripting) or session fixation.

Train of Thought: restrict the CR and LF characters entered by the user, or encode the CR and LF characters correctly before outputting them, to prevent injection of custom HTTP headers.

Solution: this problem usually shows up on pages that receive parameters. Filtering those parameters appropriately is enough. PHP code:

    // str_replace() is used here because ereg_replace() was removed in PHP 7.
    $post = trim($post);
    $post = strip_tags($post, "");           // strip HTML tags such as <br/>
    $post = str_replace("\t", "", $post);    // remove tab characters
    $post = str_replace("\r\n", "", $post);  // remove carriage return + line feed pairs
    $post = str_replace("\r", "", $post);    // remove carriage returns
    $post = str_replace("\n", "", $post);    // remove line feeds
    $post = str_replace(" ", "", $post);     // remove spaces
    $post = str_replace("'", "", $post);     // remove single quotes
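
The two options from the Train of Thought above (restrict CR/LF, or encode them before output), applied at the point where a parameter is written into a response header. This is an added example, not code from the original page; the function names, the /index.php path and the lang parameter are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example: guard a user-supplied value before it reaches a header line.
// All names here are hypothetical and chosen for illustration.

/** Option 1 (restrict): refuse any value that contains control characters. */
function assert_header_safe(string $value): string
{
    // \x00-\x1F covers CR (\x0D), LF (\x0A), TAB and NUL; \x7F is DEL.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $value;
}

/** Option 2 (encode): percent-encode the value placed in a redirect URL. */
function build_redirect(string $base, string $lang): string
{
    // rawurlencode() turns "\r\n" into "%0D%0A", which cannot end the header line.
    // $base is expected to be a fixed application path, but is checked anyway.
    return 'Location: ' . assert_header_safe($base) . '?lang=' . rawurlencode($lang);
}

// Constructed sample inputs: a normal value and one carrying a CRLF sequence
// followed by an extra header, as described in the Hazard paragraph.
$samples = ["en", "en\r\nSet-Cookie: sid=constructed"];

foreach ($samples as $s) {
    // The encoded form is always a single header line.
    echo build_redirect('/index.php', $s), PHP_EOL;

    // The raw form is accepted only when it has no control characters.
    try {
        assert_header_safe($s);
        echo "  raw value accepted", PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "  raw value rejected: ", $e->getMessage(), PHP_EOL;
    }
}
```

Unlike the blanket filter above, this leaves spaces and quotes in ordinary input intact and applies the check only where the value is placed into a header.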