security::provided_host_valid (private)

 security::provided_host_valid host

Defined in packages/acs-tcl/tcl/security-procs.tcl

Check, if the provided host contains just valid characters. Spit warning message out only once per request.

Parameters:
host - host from host header field.

Partial Call Graph (max 5 caller/called nodes):
%3 acs::root_of_host_noncached acs::root_of_host_noncached (private) security::provided_host_valid security::provided_host_valid acs::root_of_host_noncached->security::provided_host_valid security::validated_host_header security::validated_host_header (public) security::validated_host_header->security::provided_host_valid ad_conn ad_conn (public) security::provided_host_valid->ad_conn

Testcases:
No testcase defined.
Source code:
    #
    # The per-request cache takes care of outputting error message only
    # once per request.
    #
    return [acs::per_request_cache eval -key acs-tcl.security_provided_host_validated-$host {
        set result 1
        if {$host ne ""} {
            if {![regexp {^[\w.:@+/=$%!*~\[\]-]+$} $host]} {
                #
                # Don't use "ad_log", since this might leed to a recursive loop.
                #
                binary scan [encoding convertto utf-8 $host] H* hex
                ns_log warning "provided host <$host> (hex $hex) contains invalid characters\n URL: [ns_conn url]\npeer addr:[ad_conn peeraddr]"
                set result 0
            }
        }
        set result
    }]
Generic XQL file:
packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:
packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:
packages/acs-tcl/tcl/security-procs-oracle.xql

[ hide source ] | [ make this the default ]
Show another procedure: