diff options
| author | Andrey Andreev <narf@devilix.net> | 2015-10-26 14:31:38 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2015-10-31 17:55:30 +0100 |
| commit | 0a6b0661305f20ac1fbd219d43f59193bea90d1d (patch) | |
| tree | ea43dad00c9a93b64ea9c823c0702ddf937fc2d8 /system/core | |
| parent | 71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c (diff) | |
Prevent Host header injections
Diffstat (limited to 'system/core')
| -rw-r--r-- | system/core/Config.php | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/system/core/Config.php b/system/core/Config.php index feea7c85a..0264776f9 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -88,11 +88,9 @@ class CI_Config { // Set the base_url automatically if none was provided if (empty($this->config['base_url'])) { - // The regular expression is only a basic validation for a valid "Host" header. - // It's not exhaustive, only checks for valid characters. - if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\[[0-9a-f:]+\])|(\d{1,3}(\.\d{1,3}){3})|[a-z0-9\-\.]+)(:\d+)?$/i', $_SERVER['HTTP_HOST'])) + if (isset($_SERVER['SERVER_ADDR'])) { - $base_url = (is_https() ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'] + $base_url = (is_https() ? 'https' : 'http').'://'.$_SERVER['SERVER_ADDR'] .substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME']))); } else |