function drupal_valid_http_host

7.x bootstrap.inc	`drupal_valid_http_host($host)`
6.x bootstrap.inc	`drupal_valid_http_host($host)`

Validate that a hostname (for example $_SERVER['HTTP_HOST']) is safe.

As $_SERVER['HTTP_HOST'] is user input, ensure it only contains characters allowed in hostnames. See RFC 952 (and RFC 2181). $_SERVER['HTTP_HOST'] is lowercased.

Return value

TRUE if only containing valid characters, or FALSE otherwise.

1 call to drupal_valid_http_host()

conf_init in drupal-6.x/includes/bootstrap.inc: Loads the configuration and sets the base URL, cookie domain, and session name correctly.

File

drupal-6.x/includes/bootstrap.inc, line 366: Functions that need to be loaded on every Drupal request.

Code

function drupal_valid_http_host($host) {
  return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $host);
}