This repository was archived by the owner on Jan 13, 2022. It is now read-only.

Commit 40c74a2

author
Fosco Marotto
committed
Updating per feedback.
1 parent 2cfda40 commit 40c74a2


2 files changed

+11
-14
lines changed


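--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
 vendor/
 composer.lock
 tests/FacebookTestCredentials.php
-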
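--- a/src/Facebook/Url/FacebookUrlDetectionHandler.php
+++ b/src/Facebook/Url/FacebookUrlDetectionHandler.php
@@ -95,8 +95,8 @@ protected function protocolWithActiveSsl($protocol)
 protected function getHostName()
 {
 // Check for proxy first
-if ($this->isValidForwardedHost() && $host = $this->getHeader('X_FORWARDED_HOST')) {
-$elements = explode(',', $host);
+if ($header = $this->getHeader('X_FORWARDED_HOST') && $this->isValidForwardedHost($header)) {
+$elements = explode(',', $header);
 $host = $elements[count($elements) - 1];
 } elseif (!$host = $this->getHeader('HOST')) {
 if (!$host = $this->getServerVar('SERVER_NAME')) {
@@ -164,20 +164,18 @@ protected function getHeader($key)
 /**
 * Checks if the value in X_FORWARDED_HOST is a valid hostname
 * Could prevent unintended redirections
+*
+* @param string $header
+*
+* @return boolean
 */
-protected function isValidForwardedHost()
+protected function isValidForwardedHost($header)
 {
-$host = $this->getHeader('X_FORWARDED_HOST');
-if (!$host) {
-return false;
-}
-
-$elements = explode(',', $host);
+$elements = explode(',', $header);
 $host = $elements[count($elements) - 1];
 
-return return (preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name) //valid chars check
-&& preg_match("/^.{1,253}$/", $domain_name) //overall length check
-&& preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name) ); //length of each label
+return preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $host) //valid chars check
+&& 0 < strlen($host) && strlen($host) < 254 //overall length check
+&& preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $host); //length of each label
 }
-
 }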
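Review bot: The new condition in getHostName(), `$header = $this->getHeader('X_FORWARDED_HOST') && $this->isValidForwardedHost($header)`, assigns the result of the whole `&&` expression to `$header`, because `&&` binds tighter than `=` in PHP. isValidForwardedHost() is therefore called with a `$header` that is not yet set, and `$header` would be a boolean by the time `explode(',', $header)` runs, so the forwarded-host branch cannot work as intended. Parenthesise the assignment: `if (($header = $this->getHeader('X_FORWARDED_HOST')) && $this->isValidForwardedHost($header)) {`. The check in isValidForwardedHost() is also purely syntactic, so the docblock should state that a well-formed X_FORWARDED_HOST is still client-supplied unless a trusted proxy sets it; the `$` anchors accept a trailing newline and would be stricter as `\z`. getHostName()'s body continues past the end of the first hunk.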
