From: Roland Haeder Date: Tue, 19 Jul 2016 13:16:28 +0000 (+0200) Subject: prevent evil "Proxy" header being sent, see https://httpoxy.org for details X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f73b3a96cbcde777125192e1cd1c205c3ea78172;p=mailer.git prevent evil "Proxy" header being sent, see https://httpoxy.org for details --- diff --git a/inc/http-functions.php b/inc/http-functions.php index cf921efc6b..acc3c6d5e6 100644 --- a/inc/http-functions.php +++ b/inc/http-functions.php @@ -688,6 +688,12 @@ function extractHostnameFromUrl (&$script) { // Adds a HTTP header to array function addHttpHeader ($header) { + // Is 'Proxy' set? + if (substr(trim(strtolower($header)), 0, 6) == 'proxy:') { + // Don't allow this header being sent + reportBug(__FUNCTION__, __LINE__, 'Security-relevant HTTP header "Proxy" detected. Please do not set this. See https://httpoxy.org/ for details.'); + } // END - if + // Send the header //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header); array_push($GLOBALS['http_header'], trim($header));