X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fhttp-functions.php;h=acc3c6d5e6b8eddc737a6c151a913d0c14fd36f1;hp=e82ca2ce198709458fd5bd41d98eb0cac2c7b1ed;hb=f73b3a96cbcde777125192e1cd1c205c3ea78172;hpb=61621983cc6d7195fcc7eab29b5f6080ff283b34
diff --git a/inc/http-functions.php b/inc/http-functions.php
index e82ca2ce19..acc3c6d5e6 100644
--- a/inc/http-functions.php
+++ b/inc/http-functions.php
@@ -688,6 +688,12 @@ function extractHostnameFromUrl (&$script) {
 
 // Adds a HTTP header to array
 function addHttpHeader ($header) {
+ // Is 'Proxy' set?
+ if (substr(trim(strtolower($header)), 0, 6) == 'proxy:') {
+ // Don't allow this header being sent
+ reportBug(__FUNCTION__, __LINE__, 'Security-relevant HTTP header "Proxy" detected. Please do not set this. See https://httpoxy.org/ for details.');
+ } // END - if
+
 // Send the header
 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header);
 array_push($GLOBALS['http_header'], trim($header));
@@ -906,7 +912,7 @@ function getContentType () {
 // Logs wrong SERVER_NAME attempts
 function logWrongServerNameRedirect () {
 // Is ext-sql_patches at least version 0.9.2?
- if (isExtensionInstalledAndNewer('sql_patches', '0.9.2')) {
+ if (isExtensionInstalled('server_name')) {
 // Is there an entry?
 if (countSumTotalData(detectServerName(), 'server_name_log', 'server_name_id', 'server_name', TRUE, str_replace('%', '{PER}', sprintf(" AND `server_name_remote_addr`='%s' AND `server_name_ua`='%s' AND `server_name_referrer`='%s'", sqlEscapeString(detectRemoteAddr(TRUE)), sqlEscapeString(detectUserAgent(TRUE)), sqlEscapeString(detectReferer(TRUE))))) == 1) {
 // Update counter, as all are the same
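Review bot: The new guard in addHttpHeader() only compares the first six characters of the trimmed string, so a `$header` value with whitespace before the colon, or with an embedded CR/LF followed by `Proxy:`, is not caught and still reaches `array_push()`. Matching wherever a header line can begin would cover both, for example `if (preg_match('/(^|[\r\n])\s*proxy\s*:/i', $header) === 1) {`. Whether reportBug() ends the request is not visible in this hunk; if it can return, a `return;` directly after the call is needed so the rejected header is not appended to `$GLOBALS['http_header']` anyway.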
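Review bot: The comment above the changed condition in logWrongServerNameRedirect() still reads `// Is ext-sql_patches at least version 0.9.2?`, but the new test is `isExtensionInstalled('server_name')`, so it names the wrong extension and a version check that no longer exists. It should become `// Is ext-server_name installed?`. Dropping the version comparison presumably relies on every release of ext-server_name providing the `server_name_log` table queried on the next line; a short comment stating that would help, since the rest of the function lies outside this hunk.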