Header names with underscores ignored in php 5.5.1 / apache 2.4.6


After upgrading to php 5.5.1 and apache 2.4.6, checking for certain headers is now broken (specifically, checking for HTTP_X_REQUESTED_WITH).

Through fu

1 answer
  • 2020-12-09 05:17

    This is a documented feature in apache 2.4. See httpd.apache.org/docs/trunk/new_features_2_4.html

    Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped.

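Added example (not part of the original answer and not Apache's code): a simplified Python model of the header-to-environment-variable translation the quoted documentation describes, showing why a header name containing an underscore is ambiguous and what strict dropping does to it. The valid-character rule (letters, digits, hyphen), the permissive model and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: only names made of letters, digits and hyphens survive the
# strict translation; anything else (underscore included) is dropped.
_VALID_NAME = re.compile(r"^[A-Za-z0-9-]+$")


def cgi_env_name(header_name):
    """CGI-style variable name: uppercase, hyphens become underscores."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def permissive_env(headers):
    """Modelled permissive translation: every header is exported, so one
    variable can end up fed by several differently spelled headers."""
    env = {}
    for name, value in headers:
        env.setdefault(cgi_env_name(name), []).append(value)
    return env


def strict_env(headers):
    """Modelled strict translation: returns (env, dropped_header_names)."""
    env, dropped = {}, []
    for name, value in headers:
        if _VALID_NAME.match(name):
            env[cgi_env_name(name)] = value
        else:
            dropped.append(name)  # silently dropped, never reaches the script
    return env, dropped


def colliding_names(headers):
    """Header names that map to the same environment variable."""
    groups = {}
    for name, _ in headers:
        groups.setdefault(cgi_env_name(name), []).append(name)
    return {var: names for var, names in groups.items() if len(names) > 1}


# Constructed sample request headers (not taken from the question).
SAMPLE = [
    ("Host", "example.test"),
    ("X-Requested-With", "XMLHttpRequest"),
    ("X_Requested_With", "something-else"),
]

if __name__ == "__main__":
    print(colliding_names(SAMPLE))
    print(strict_env(SAMPLE))
```

A script that reads `HTTP_X_REQUESTED_WITH` keeps working when the client sends the hyphenated `X-Requested-With`; only the underscore spelling disappears under the strict model.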