author | David Rothstein <drothstein@gmail.com> | 2014-07-16 16:08:05 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2014-07-16 16:08:05 -0400 |
commit | 3310afeb856564d2bc0c03512566bff60029d7be (patch) | |
tree | 3daebf4b2b5965c66e93180d31338439a6a76625 /includes/bootstrap.inc | |
parent | 338e2d4db78cc346a7491b54537b4120f53a8da2 (diff) | |
parent | 83b80acad8431fcd56e9a331ba06c41edee48c91 (diff) | |
download | brdo-3310afeb856564d2bc0c03512566bff60029d7be.tar.gz brdo-3310afeb856564d2bc0c03512566bff60029d7be.tar.bz2 |
Merge tag '7.29' into 7.x
7.29 release
Conflicts:
includes/bootstrap.inc
Diffstat (limited to 'includes/bootstrap.inc')
-rw-r--r-- | includes/bootstrap.inc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 0b81dc022..e1b447cfd 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.29-dev');
+define('VERSION', '7.30-dev');
 
 /**
 * Core API compatibility.
@@ -700,7 +700,14 @@ function drupal_environment_initialize() {
 * TRUE if only containing valid characters, or FALSE otherwise.
 */
 function drupal_valid_http_host($host) {
- return preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
+ // Limit the length of the host name to 1000 bytes to prevent DoS attacks with
+ // long host names.
+ return strlen($host) <= 1000
+ // Limit the number of subdomains and port separators to prevent DoS attacks
+ // in conf_path().
+ && substr_count($host, '.') <= 100
+ && substr_count($host, ':') <= 100
+ && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
 }
 
 /** |
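Review bot: In the drupal_valid_http_host() hunk, the new length and separator caps guard a `preg_match()` whose pattern `(?:[a-zA-Z0-9-:\]_]+\.?)+` still nests one quantifier inside another. A host that does not match can therefore be split into groups in many different ways, so the cost of rejecting it appears to be bounded by PCRE's backtrack limit rather than by the 1000-byte cap. An unambiguous pattern that should accept the same set of hosts is `preg_match('/^\[?[a-zA-Z0-9-:\]_]+(?:\.[a-zA-Z0-9-:\]_]+)*\.?$/', $host)`. Separately, the function now returns a boolean when one of the caps fails and preg_match()'s integer otherwise, while its docblock (which begins above the hunk) promises TRUE or FALSE; a `(bool)` cast on the whole expression would make the return type uniform.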