prevent evil "Proxy" header being sent, see https://httpoxy.org for details
author
Roland Haeder
<roland@mxchange.org>
Tue, 19 Jul 2016 13:16:28 +0000
(15:16 +0200)
committer
Roland Haeder
<roland@mxchange.org>
Tue, 19 Jul 2016 13:16:28 +0000
(15:16 +0200)
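--- a/inc/http-functions.php
+++ b/inc/http-functions.php
@@ -688,6 +688,12 @@ function extractHostnameFromUrl (&$script) {
 // Adds a HTTP header to array
 function addHttpHeader ($header) {
+ // Is 'Proxy' set?
+ if (substr(trim(strtolower($header)), 0, 6) == 'proxy:') {
+ // Don't allow this header being sent
+ reportBug(__FUNCTION__, __LINE__, 'Security-relevant HTTP header "Proxy" detected. Please do not set this. See https://httpoxy.org/ for details.');
+ } // END - if
+
 // Send the header
 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header);
 array_push($GLOBALS['http_header'], trim($header));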
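Review bot: The new guard in addHttpHeader() compares only the first six characters of the trimmed string, so a `Proxy:` line that follows an embedded CR or LF inside `$header`, or a name written with whitespace before the colon, is not examined. Matching per line, for example `if (preg_match('/(^|[\r\n])[ \t]*proxy[ \t]*:/i', $header)) {`, or refusing any header value that contains CR/LF, would cover those forms. It is also not visible in this hunk whether reportBug() ends the request; if it can return, the `array_push()` below still queues the header, so adding `return;` after the reportBug() call would make the check self-contained. The closing brace of addHttpHeader() lies outside the hunk.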