function drupal_valid_http_host
drupal_valid_http_host($host)
Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
Return value
TRUE if only containing valid characters, or FALSE otherwise.
File
- includes/bootstrap.inc, line 710
- Functions that need to be loaded on every Drupal request.
Code
function drupal_valid_http_host($host) { // Limit the length of the host name to 1000 bytes to prevent DoS attacks with // long host names. return strlen($host) <= 1000 // Limit the number of subdomains and port separators to prevent DoS attacks // in conf_path(). && substr_count($host, '.') <= 100 && substr_count($host, ':') <= 100 && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/drupal_valid_http_host/7.x