function drupal_valid_http_host in Drupal 6
Same name and namespace in other branches
- 5 includes/bootstrap.inc \drupal_valid_http_host()
- 7 includes/bootstrap.inc \drupal_valid_http_host()
Validate that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
As $_SERVER['HTTP_HOST'] is user input, ensure it only contains characters allowed in hostnames. See RFC 952 (and RFC 2181). $_SERVER['HTTP_HOST'] is lowercased.
Return value
TRUE if only containing valid characters, or FALSE otherwise.
1 call to drupal_valid_http_host()
- conf_init in includes/
bootstrap.inc - Loads the configuration and sets the base URL, cookie domain, and session name correctly.
File
- includes/
bootstrap.inc, line 366 - Functions that need to be loaded on every Drupal request.
Code
function drupal_valid_http_host($host) {
// Limit the length of the host name to 1000 bytes to prevent DoS attacks with
// long host names.
return strlen($host) <= 1000 && substr_count($host, '.') <= 100 && substr_count($host, ':') <= 100 && preg_match('/^\\[?(?:[a-zA-Z0-9-:\\]_]+\\.?)+$/', $host);
}