Mutliple Location response headers can trigger notices
|Reported by:||hakre||Owned by:||dd32|
The current implementation for manual cUrl redirects (safemode / openbasedir restrictions, see #11305) will do notices and fail if a response contains more than one location response header.
Technically this is possible.
In the RFC I have not found any definition so far wether or not this is violating any standard or not not. Next to that I could gather no information how a HTTP client should interprete such a response.
For my fix I will prefer the first location header over any additional one.