I'm using the header() method to redirect the page to another page. The redirect variable is sanitized with the htmlspecialchars() method and the full URL is checked with the filter_var() method, but it is still showing the bug.
Code:
$encoded_url = htmlspecialchars($loginUrl, ENT_QUOTES, 'UTF-8');
if (filter_var($encoded_url, FILTER_VALIDATE_URL))
{
    header("location:".$encoded_url);
}
Are there any possibilities to overcome this?
Thanks in advance.
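
An added example, not part of the original post, assuming the reported bug is an unvalidated-redirect finding (the post does not say which bug it is). htmlspecialchars() is HTML output encoding and turns & into &amp; inside the query string, and FILTER_VALIDATE_URL checks only syntax, so neither limits where the redirect goes; the check below does. ALLOWED_HOSTS and safe_redirect_target() are hypothetical names, and the hosts and sample inputs are constructed.

```php
<?php
// Hypothetical allowlist of hosts this application may redirect to (constructed values).
const ALLOWED_HOSTS = ['www.example.com', 'login.example.com'];

// Return $url if it is safe to place in a Location header, otherwise $fallback.
function safe_redirect_target(string $url, string $fallback = '/'): string
{
    // Control characters (CR/LF in particular) never belong in a header value.
    if ($url === '' || preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return $fallback;
    }
    // Same-site relative path: a single leading slash, not "//host" or "/\host".
    if (preg_match('#^/(?![/\\\\])#', $url)) {
        return $url;
    }
    // Absolute URL: syntax check first, then the checks that actually restrict the target.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // rejects "https://www.example.com@other-host/"
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if ($scheme !== 'https' || !in_array($host, ALLOWED_HOSTS, true)) {
        return $fallback;
    }
    return $url;
}

// Constructed sample inputs: the first and last are kept, the rest fall back to "/".
$samples = [
    'https://login.example.com/cb?a=1&b=2',
    'https://untrusted.example.net/page',
    '//untrusted.example.net/',
    'https://www.example.com@untrusted.example.net/',
    "https://www.example.com/\r\nX-Injected: 1",
    '/account/home',
];
foreach ($samples as $s) {
    printf("%-55s => %s\n", json_encode($s), safe_redirect_target($s));
}

// In the page itself, pass the raw value with no HTML encoding:
// header('Location: ' . safe_redirect_target($loginUrl)); exit;
```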