X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fhttp-functions.php;h=acc3c6d5e6b8eddc737a6c151a913d0c14fd36f1;hb=refs%2Fheads%2Fserver-0.2.1-FINAL%2Fshipsimu-org;hp=cf921efc6be61c48db7bc0a973f77bb822519e9d;hpb=f40ee6b3fe47308625f3490dedb1c52174ddf9f1;p=mailer.git

diff --git a/inc/http-functions.php b/inc/http-functions.php
index cf921efc6b..acc3c6d5e6 100644
--- a/inc/http-functions.php
+++ b/inc/http-functions.php
@@ -688,6 +688,12 @@ function extractHostnameFromUrl (&$script) {
 
 // Adds a HTTP header to array
 function addHttpHeader ($header) {
+	// Is 'Proxy' set?
+	if (substr(trim(strtolower($header)), 0, 6) == 'proxy:') {
+		// Don't allow this header being sent
+		reportBug(__FUNCTION__, __LINE__, 'Security-relevant HTTP header "Proxy" detected. Please do not set this. See https://httpoxy.org/ for details.');
+	} // END - if
+
 	// Send the header
 	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header);
 	array_push($GLOBALS['http_header'], trim($header));