Nemcio/Grav
1
0
Fork 0
mirror of https://github.com/getgrav/grav.git synced 2025-10-26 07:56:07 +01:00
Code Issues Packages Projects Releases Activity

Validate hostname to ensure no nefarious attacks are attempted by manipulating it.

Browse Source
This commit is contained in:
Andy Miller
2015-10-15 11:31:32 -06:00
parent babd50fb6c
commit 30f09994d6
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
system/src/Grav/Common/Uri.php
View File

@@ -12,6 +12,8 @@ use Grav\Common\Page\Pages;
*/
class Uri
{
const HOSTNAME_REGEX = '/^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/';
public $url;
protected $basename;
@@ -35,6 +37,9 @@ class Uri
// Remove port from HTTP_HOST generated $name
$name = Utils::substrToString($name, ':');
// Validate the hostname
$name = preg_match(Uri::HOSTNAME_REGEX, $name) ? $name : 'unknown';
$port = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : 80;
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';