[split] CodeIgniter 3.0.3 and Windows
#5

(11-03-2015, 02:46 AM)kenjis Wrote: @Martin7483
Do you know your code could allow Host header injection?

Ah, yes.

But I have this in my index.php
PHP Code:
/*
 *---------------------------------------------------------------
 * SANITIZE $_SERVER HTTP HOST
 *---------------------------------------------------------------
 *
 * Set a whitelist of allowed domains
 */
$default_domain = 'mydomain.com';
$allowed_domains = array('mydomain.com');
if ( ! in_array($_SERVER['HTTP_HOST'], $allowed_domains) ) {
    // Host header is not on the whitelist: fall back to the default domain
    $_SERVER['HTTP_HOST'] = $default_domain;
}

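A stricter form of the allow-list check in the post above, as an added example that is not part of the thread or of CodeIgniter: it normalizes case and an optional port before the comparison and copes with a missing header. The function name `trusted_host`, the second allowed domain and the sample headers are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Domain names are placeholders.

/**
 * Return a host taken from the allow-list, or the default when the
 * client-supplied Host header is missing, malformed or not listed.
 */
function trusted_host(array $server, array $allowed_domains, $default_domain)
{
    // HTTP_HOST is absent for CLI runs and some HTTP/1.0 requests.
    $raw = isset($server['HTTP_HOST']) ? (string) $server['HTTP_HOST'] : '';

    // Host names are case-insensitive; drop an optional ":port" suffix.
    $host = strtolower(trim($raw));
    $host = preg_replace('/:\d{1,5}$/D', '', $host);

    // Accept only a plain DNS name: no spaces, slashes, "@" or CR/LF.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$/D', $host)) {
        return $default_domain;
    }

    // Strict comparison, so no type juggling against the allow-list.
    return in_array($host, $allowed_domains, true) ? $host : $default_domain;
}

$allowed = array('mydomain.com', 'www.mydomain.com');

// Constructed sample Host header values.
$samples = array(
    'mydomain.com',                   // listed
    'MyDomain.com:8080',              // listed after normalization
    'unlisted.example',               // not listed, falls back
    "mydomain.com\r\nX-Injected: 1",  // malformed, falls back
    '',                               // missing, falls back
);

foreach ($samples as $value) {
    $host = trusted_host(array('HTTP_HOST' => $value), $allowed, 'mydomain.com');
    printf("%-36s => %s\n", json_encode($value), $host);
}
```

In `index.php` the result would be assigned back to `$_SERVER['HTTP_HOST']` before the framework reads it, as the post does.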


Messages In This Thread
RE: CodeIgniter 3.0.3 Released - by rtorralba - 11-02-2015, 05:05 PM
RE: CodeIgniter 3.0.3 Released - by Martin7483 - 11-03-2015, 01:45 AM
RE: CodeIgniter 3.0.3 Released - by kenjis - 11-03-2015, 02:46 AM
RE: CodeIgniter 3.0.3 Released - by Martin7483 - 11-03-2015, 03:32 AM


