function drupal_check_trusted_hosts
Checks trusted HTTP Host headers to protect against header injection attacks.
Parameters
string|null $host: The host name.
array $host_patterns: The array of trusted host patterns.
Return value
bool TRUE if the host is trusted, FALSE otherwise.
2 calls to drupal_check_trusted_hosts()
- BootstrapTrustedHostsTestCase::testTrustedHosts in modules/
simpletest/ tests/ bootstrap.test - Tests hostname validation.
- _drupal_bootstrap_configuration in includes/
bootstrap.inc - Sets up the script environment and loads settings.php.
File
-
includes/
bootstrap.inc, line 3974
Code
function drupal_check_trusted_hosts($host, array $host_patterns) {
if (!empty($host) && !empty($host_patterns)) {
// Trim and remove the port number from host; host is lowercase as per
// RFC 952/2181.
$host = strtolower(preg_replace('/:\\d+$/', '', trim($host)));
foreach ($host_patterns as $pattern) {
$pattern = sprintf('{%s}i', $pattern);
if (preg_match($pattern, $host)) {
return TRUE;
}
}
return FALSE;
}
return TRUE;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.