security::validated_host_header (public)

 security::validated_host_header

Defined in packages/acs-tcl/tcl/security-procs.tcl

Returns:
validated host header field or empty
Author:
Gustaf Neumann Protect against faked or invalid host header fields. Host header attacks can lead to web-cache poisoning and password reset attacks <for more details, see e.g. http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html>

Partial Call Graph (max 5 caller/called nodes):
%3 util_current_location util_current_location (public) security::validated_host_header security::validated_host_header util_current_location->security::validated_host_header ad_conn ad_conn (public) security::validated_host_header->ad_conn ad_url ad_url (public) security::validated_host_header->ad_url db_0or1row db_0or1row (public) security::validated_host_header->db_0or1row security::configured_driver_info security::configured_driver_info (public) security::validated_host_header->security::configured_driver_info security::provided_host_valid security::provided_host_valid (private) security::validated_host_header->security::provided_host_valid

Testcases:
No testcase defined.
[ show source ]
Show another procedure: