Execution After Redirect ('EAR')
ID: php.execution_after_redirect
Severity: low
Resource: Other
Language: Php
Tags: CWE:698, NIST.SP.800-53
Description
This rule detects cases where code execution continues after a header("Location: …") redirect in PHP. header() only queues a response header; it does not stop the script, so unless the script terminates explicitly, everything after the redirect still runs. This can lead to unintended behavior, security vulnerabilities, or information leaks.
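As an added illustration of what the rule looks for (this is not the rule's real implementation), the following PHP script uses the built-in tokenizer to report header() calls that set a Location header and whose next statement in the same block is not exit or die. The function name, the variable names and the sample source are ours; the sample is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the rule's real implementation: a token-based
// check that reports header("Location: ...") calls whose next statement in
// the same block is not exit/die. Function and variable names are ours.
function find_execution_after_redirect(string $phpSource): array
{
    $tokens = token_get_all($phpSource);
    $count = count($tokens);
    $findings = [];

    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        // Only bare function calls named header(); skip $obj->header() and Foo::header().
        if (!is_array($tok) || $tok[0] !== T_STRING || strcasecmp($tok[1], 'header') !== 0) {
            continue;
        }
        $prev = $i > 0 ? $tokens[$i - 1] : null;
        if (is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON], true)) {
            continue;
        }
        $line = $tok[2];

        // Scan the call up to its ';' and note whether any string literal
        // (plain or interpolated) carries a Location header.
        $setsLocation = false;
        for ($j = $i + 1; $j < $count; $j++) {
            $t = $tokens[$j];
            if (is_array($t)
                && in_array($t[0], [T_CONSTANT_ENCAPSED_STRING, T_ENCAPSED_AND_WHITESPACE], true)
                && stripos($t[1], 'location:') !== false) {
                $setsLocation = true;
            }
            if ($t === ';') {
                break;
            }
        }
        if (!$setsLocation) {
            continue;
        }

        // Skip whitespace and comments; the next real token must be exit/die
        // (the tokenizer reports both as T_EXIT).
        $k = $j + 1;
        while ($k < $count && is_array($tokens[$k])
            && in_array($tokens[$k][0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            $k++;
        }
        $terminated = $k < $count && is_array($tokens[$k]) && $tokens[$k][0] === T_EXIT;
        if (!$terminated) {
            $findings[] = $line;
        }
        $i = $j; // resume scanning after the header() statement
    }
    return $findings;
}

// Constructed sample: the first redirect falls through, the second is terminated.
$sample = <<<'PHP'
<?php
if (!isset($_SESSION['authenticated'])) {
    header("Location: login.php");
}
echo "sensitive";
if (!isset($_SESSION['authenticated'])) {
    header('Location: /login', true, 303);
    exit;
}
PHP;

foreach (find_execution_after_redirect($sample) as $line) {
    echo "header(\"Location: ...\") without exit/die at line $line\n";
}
```

Run it with php on the command line. On the constructed sample it reports line 3 (the unterminated redirect) and stays silent on line 7. The check is deliberately block-local: a redirect inside an if-block that relies on an exit placed after the closing brace is still reported, which matches the rule's intent that the exit sit directly after the header() call.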
Rationale
When performing a redirect in PHP using header("Location: …"), execution of the script does not stop automatically. If the script continues to run, sensitive operations are still executed and sensitive output is still written into the response body that accompanies the redirect. This can lead to vulnerabilities such as unauthorized actions, logic bypasses, or unintentional data exposure.
Example of an insecure implementation:
<?php
session_start();

function deleteUserAccount(): void
{
    // Placeholder for a destructive operation that must never run unauthenticated.
}

// Simulating authentication check
if (!isset($_SESSION['authenticated'])) {
    header("Location: login.php"); // Redirecting to login
    // No exit or die() here, execution continues!
}

echo "Sensitive content that should not be shown after redirect.";
// Further actions that could be misused
deleteUserAccount(); // Example of unintended function execution
?>
In this example, header("Location: login.php") is intended to redirect unauthenticated users, but because there is no exit; or die(); after it, the script keeps running. PHP only queues the Location header; the rest of the response body is still generated and sent along with the 302 status. A browser usually follows the redirect and discards that body, but any client that does not (curl, a proxy, an attacker's script) sees the sensitive output, and server-side effects such as deleteUserAccount() happen regardless of what the client does with the response.
Remediation
To prevent execution after a redirect:
- Always terminate execution after header("Location: …"): use exit; or die(); so that no further code runs.
- Use explicit access control: instead of relying only on redirects, perform the authentication check at the beginning of every sensitive script, before any output or side effect.
- Avoid executing sensitive operations based on conditions that might change mid-execution.
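One way to apply all three points at once, as an added example rather than code from the rule page: route every redirect through a single helper that always terminates, and perform the authentication check at the top of the script before anything is written. The helper and function names (redirect_and_exit, require_login) are our own; the never return type requires PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

// Added illustration (not from the rule page): a single redirect helper that
// always terminates, so no call site can forget the exit. The helper and
// function names are our own; the `never` return type needs PHP 8.1+.
function redirect_and_exit(string $location, int $status = 302): never
{
    if (headers_sent($file, $line)) {
        // Output has already started, so header() would be ignored and the
        // page would keep rendering. Fail loudly rather than fall through.
        throw new RuntimeException("Cannot redirect: output started at $file:$line");
    }
    header('Location: ' . $location, true, $status);
    exit;
}

// Access control at the top of the script, before any output or side effect.
function require_login(): void
{
    if (empty($_SESSION['authenticated'])) {
        redirect_and_exit('login.php', 303);
    }
}

session_start();
require_login();

// Only authenticated requests reach this point.
echo "Welcome to your dashboard!";
```

Because the helper itself calls exit, a reviewer only has to verify that the helper is used, not that every call site remembered to terminate. The headers_sent() check covers the other common failure: if a template or a stray byte has already started the body, header() is silently ignored and the script would keep rendering, so the helper throws instead of falling through.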
Secure example:
<?php
session_start();

// Secure authentication check
if (!isset($_SESSION['authenticated'])) {
    header("Location: login.php");
    exit; // Ensuring script execution stops after redirect
}

// Safe content execution
echo "Welcome to your dashboard!";
?>
By terminating execution with exit; immediately after the redirect header, nothing after the check runs for unauthenticated requests, the response body sent with the redirect is empty, and the risk of unintended code execution after a redirect is eliminated.