security::provided_host_valid (private)

 security::provided_host_valid host

Defined in packages/acs-tcl/tcl/security-procs.tcl

Check, if the provided host contains just valid characters. Spit warning message out only once per request.

Parameters:

host (required)

host from host header field.

Partial Call Graph (max 5 caller/called nodes):

Testcases:

No testcase defined.

Source code:

    #
    # The per-request cache takes care of outputting error message only
    # once per request.
    #
    return [acs::per_request_cache eval -key acs-tcl.security_provided_host_validated-$host {
        set result 1
        if {$host ne ""} {
            if {![regexp {^[\w.:@+/=$%!*~\[\]-]+$} $host]} {
                #
                # Don't use "ad_log", since this might leed to a recursive loop.
                #
                binary scan [encoding convertto utf-8 $host] H* hex
                ns_log warning "provided host <$host> (hex $hex) contains invalid characters\n URL: [ns_conn url]\npeer addr:[ad_conn peeraddr]"
                set result 0
            }
        }
        set result
    }]

Generic XQL file:

packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/security-procs-oracle.xql