// Adds a HTTP header to array
function addHttpHeader ($header) {
+ // Is 'Proxy' set?
+ if (substr(trim(strtolower($header)), 0, 6) == 'proxy:') {
+ // Don't allow this header being sent
+ reportBug(__FUNCTION__, __LINE__, 'Security-relevant HTTP header "Proxy" detected. Please do not set this. See https://httpoxy.org/ for details.');
+ } // END - if
+
// Send the header
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header);
array_push($GLOBALS['http_header'], trim($header));
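Review bot: The new `Proxy` guard does not by itself keep the header out of the array: after `reportBug()` execution falls through to `array_push($GLOBALS['http_header'], trim($header));`, so the block is only effective if `reportBug()` never returns, which is not visible in this hunk. Adding `return;` directly after the `reportBug()` call would make the rejection explicit. The comparison also matches only a literal `proxy:` prefix of the whole string. It would be more robust to reject any `$header` containing `\r` or `\n` first, then compare the trimmed name before the first colon with `=== 'proxy'`. The closing brace of `addHttpHeader()` lies outside the hunk.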
// Logs wrong SERVER_NAME attempts
function logWrongServerNameRedirect () {
// Is ext-sql_patches at least version 0.9.2?
- if (isExtensionInstalledAndNewer('sql_patches', '0.9.2')) {
+ if (isExtensionInstalled('server_name')) {
// Is there an entry?
if (countSumTotalData(detectServerName(), 'server_name_log', 'server_name_id', 'server_name', TRUE, str_replace('%', '{PER}', sprintf(" AND `server_name_remote_addr`='%s' AND `server_name_ua`='%s' AND `server_name_referrer`='%s'", sqlEscapeString(detectRemoteAddr(TRUE)), sqlEscapeString(detectUserAgent(TRUE)), sqlEscapeString(detectReferer(TRUE))))) == 1) {
// Update counter, as all are the same
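Review bot: The context comment `// Is ext-sql_patches at least version 0.9.2?` above the changed condition is now stale, because the new line tests `isExtensionInstalled('server_name')` and no longer checks a version. I would update it to `// Is ext-server_name installed?` so the comment matches the guard. The body of `logWrongServerNameRedirect()` continues past the end of the hunk, so whether the remaining code still depends on anything from `sql_patches` cannot be checked from here.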