function drupal_check_trusted_hosts

Checks trusted HTTP Host headers to protect against header injection attacks.

Parameters

string|null $host: The host name.

array $host_patterns: The array of trusted host patterns.

Return value

bool TRUE if the host is trusted, FALSE otherwise.

2 calls to drupal_check_trusted_hosts()
BootstrapTrustedHostsTestCase::testTrustedHosts in modules/simpletest/tests/bootstrap.test
Tests hostname validation.
_drupal_bootstrap_configuration in includes/bootstrap.inc
Sets up the script environment and loads settings.php.

File

includes/bootstrap.inc, line 3974

Code

function drupal_check_trusted_hosts($host, array $host_patterns) {
    if (!empty($host) && !empty($host_patterns)) {
        // Trim and remove the port number from host; host is lowercase as per
        // RFC 952/2181.
        $host = strtolower(preg_replace('/:\\d+$/', '', trim($host)));
        foreach ($host_patterns as $pattern) {
            $pattern = sprintf('{%s}i', $pattern);
            if (preg_match($pattern, $host)) {
                return TRUE;
            }
        }
        return FALSE;
    }
    return TRUE;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.