* Kurzbeschreibung : HTTP-relevante Funktionen *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2015 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2016 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
// Adds a HTTP header to array
function addHttpHeader ($header) {
+ // Is 'Proxy' set?
+ if (substr(trim(strtolower($header)), 0, 6) == 'proxy:') {
+ // Don't allow this header being sent
+ reportBug(__FUNCTION__, __LINE__, 'Security-relevant HTTP header "Proxy" detected. Please do not set this. See https://httpoxy.org/ for details.');
+ } // END - if
+
// Send the header
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header);
array_push($GLOBALS['http_header'], trim($header));
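Review bot: The new guard in addHttpHeader() only keeps the header out if reportBug() halts execution, which this hunk does not show; if it returns, control falls through to `array_push($GLOBALS['http_header'], trim($header));` and the "Proxy" header is queued anyway, so add an explicit `return;` after the reportBug() call. The prefix test also misses a field name separated from its colon by whitespace, and a strict match on the name is tighter: `if (preg_match('/^\s*proxy\s*:/i', $header) === 1) {`. This check covers only headers the application queues itself; the httpoxy issue referenced in the message concerns the inbound request header surfacing as `HTTP_PROXY`, so confirm that value is ignored or unset wherever outgoing requests read proxy settings, unless that is already handled elsewhere. The function's closing brace lies outside the hunk.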
// Logs wrong SERVER_NAME attempts
function logWrongServerNameRedirect () {
// Is ext-sql_patches at least version 0.9.2?
- if (isExtensionInstalledAndNewer('sql_patches', '0.9.2')) {
+ if (isExtensionInstalled('server_name')) {
// Is there an entry?
if (countSumTotalData(detectServerName(), 'server_name_log', 'server_name_id', 'server_name', TRUE, str_replace('%', '{PER}', sprintf(" AND `server_name_remote_addr`='%s' AND `server_name_ua`='%s' AND `server_name_referrer`='%s'", sqlEscapeString(detectRemoteAddr(TRUE)), sqlEscapeString(detectUserAgent(TRUE)), sqlEscapeString(detectReferer(TRUE))))) == 1) {
// Update counter, as all are the same
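Review bot: The comment above the changed condition in logWrongServerNameRedirect() is now stale: it still reads `// Is ext-sql_patches at least version 0.9.2?` while the new test is `isExtensionInstalled('server_name')`. Update it to something like `// Is ext-server_name installed?` so the guard protecting the `server_name_log` query is described correctly. The version requirement was dropped along with the extension name; if the `server_name_log` table only exists from a certain ext-server_name version on, that is worth a one-line comment as well, which cannot be confirmed from the visible lines. The function body continues outside the hunk.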