1 bootstrap.inc | backdrop_valid_http_host($host) |
Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
Parameters
string $host: The host name to validate.
Return value
bool: TRUE only if containing valid characters; FALSE otherwise.
File
- core/
includes/ bootstrap.inc, line 779 - Functions that need to be loaded on every Backdrop request.
Code
function backdrop_valid_http_host($host) {
// Limit the length of the host name to 1000 bytes to prevent DoS attacks with
// long host names.
return strlen($host) <= 1000
// Limit the number of subdomains and port separators to prevent DoS attacks
// in conf_path().
&& substr_count($host, '.') <= 100
&& substr_count($host, ':') <= 100
&& preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
}