function backdrop_valid_http_host

1 bootstrap.inc backdrop_valid_http_host($host)

Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.

Parameters

string $host: The host name to validate.

Return value

bool: TRUE only if containing valid characters; FALSE otherwise.

3 calls to backdrop_valid_http_host()

backdrop_environment_initialize in core/includes/bootstrap.inc: Initializes the PHP environment.
BootstrapIPAddressTestCase::testIPAddressHost in core/modules/simpletest/tests/bootstrap.test: test IP Address and hostname
drupal_valid_http_host in core/includes/drupal.inc: Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.

File

core/includes/bootstrap.inc, line 779: Functions that need to be loaded on every Backdrop request.

Code

function backdrop_valid_http_host($host) {
  // Limit the length of the host name to 1000 bytes to prevent DoS attacks with
  // long host names.
  return strlen($host) <= 1000
    // Limit the number of subdomains and port separators to prevent DoS attacks
    // in conf_path().
    && substr_count($host, '.') <= 100
    && substr_count($host, ':') <= 100
    && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
}