author | David Rothstein <drothstein@gmail.com> | 2014-07-16 16:03:02 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2014-07-16 16:03:02 -0400 |
commit | 83b80acad8431fcd56e9a331ba06c41edee48c91 (patch) | |
tree | 14e68546a7d96f64ea9e34196f10404eea093922 /includes/bootstrap.inc | |
parent | 1769d1cca92e206510528c324552797e83a1fc7c (diff) | |
Drupal 7.29
Diffstat (limited to 'includes/bootstrap.inc')
-rw-r--r-- | includes/bootstrap.inc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 09c2044bd..d8120cba3 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.28');
+define('VERSION', '7.29');
 
 /**
 * Core API compatibility.
@@ -700,7 +700,14 @@ function drupal_environment_initialize() {
 * TRUE if only containing valid characters, or FALSE otherwise.
 */
 function drupal_valid_http_host($host) {
- return preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
+ // Limit the length of the host name to 1000 bytes to prevent DoS attacks with
+ // long host names.
+ return strlen($host) <= 1000
+ // Limit the number of subdomains and port separators to prevent DoS attacks
+ // in conf_path().
+ && substr_count($host, '.') <= 100
+ && substr_count($host, ':') <= 100
+ && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
 }
 
 /** |
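Review bot: The `@return` line kept as context above `drupal_valid_http_host()` still says the result depends only on valid characters, but the new body also returns FALSE for a host longer than 1000 bytes or with more than 100 `.` or `:` separators. The docblock starts outside this hunk and should be updated to something like `TRUE if the host is within the length and separator limits and only contains valid characters, or FALSE otherwise.` Separately, the unchanged pattern `(?:[a-zA-Z0-9-:\]_]+\.?)+` nests one quantifier inside another, so a rejected host near the 1000-byte cap can probably still cost many backtracking steps, bounded only by the PCRE backtrack limit. An unambiguous form such as `'/^\[?[a-zA-Z0-9-:\]_]+(?:\.[a-zA-Z0-9-:\]_]+)*\.?$/'` should accept the same strings, but confirm that against the existing host-name tests before adopting it. A comment could also record that `preg_match()` returns FALSE on a PCRE error, which this `&&` chain treats as an invalid host, so the check fails closed.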