First of all, what is it that HTTP Response splitting gets most used for anyway? XSS. So any injection that will give us an XSS vector is just as good as any other.
But like the title says, not all redirection scripts are created equal. The most common approach used to redirect people is somewhat similar to the following:
header ("Location: ".$_GET['url']);
Which, when the PHP patch is applied, should be perfectly safe when ti comes to preventing XSS.
But is that the only approach? As some recent auditing I've done has shown me, its not.
I found something like the following not too long ago:
header ('refresh: 0; URL="'.$_GET['url'].'"');
Just goes to show how there is generally more than one way to do something, but going down an untested road will often lead to unforseen problems that have already been solved for other approaches.