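/**
 * Get the current host of the request.
 *
 * The host is taken from the first non-empty source, in this order:
 * Environment::get('HTTP_HOST'), $this->name(), Environment::get('SERVER_ADDR').
 * Surrounding whitespace and a trailing ":<digits>" port are removed and the
 * result is lower-cased.
 *
 * Security note: HTTP_HOST presumably mirrors the client-supplied Host header
 * (confirm against Environment::get). When self::$trustedHostPatterns is
 * empty, the value is only checked for forbidden characters, not for
 * authenticity, so callers should not rely on it for absolute URLs in e-mails,
 * redirects or cache keys unless trusted host patterns are configured.
 *
 * @return string the normalised host; may be empty when no source yields a value
 * @throws UnexpectedValueException if the hostname contains forbidden characters
 *                                  or matches none of the trusted host patterns
 */
public function host()
{
    $host = Environment::get('HTTP_HOST');
    if (!$host) {
        $host = $this->name();
    }
    if (!$host) {
        // Fixed: this fallback referenced the misspelled class "Enviroment",
        // which would fail as soon as the branch was reached.
        $host = Environment::get('SERVER_ADDR');
    }

    // trim and remove port number from host; the string cast keeps trim() from
    // receiving null/false when none of the sources produced a value
    $host = strtolower(preg_replace('/:\\d+$/', '', trim((string) $host)));

    // check that it does not contain forbidden characters: strip every run of
    // allowed characters (letters, digits, "-", ":", "]", "_", an optional
    // leading "[" and an optional trailing "."); anything left over is invalid
    if ($host && preg_replace('/(?:^\\[)?[a-zA-Z0-9-:\\]_]+\\.?/', '', $host) !== '') {
        throw new UnexpectedValueException(sprintf('Invalid Host "%s"', $host));
    }

    // TODO (carried over from the original source; the outstanding item is not stated there)
    // check the hostname against a trusted list of host patterns to avoid host header injection attacks
    if (count(self::$trustedHostPatterns) > 0) {
        // NOTE(review): patterns are passed to preg_match() as-is, so each one
        // must be a complete, anchored regex (e.g. starting with ^ and ending
        // with $); an unanchored pattern would also accept hosts that merely
        // contain a trusted name. Confirm where the patterns are registered.
        foreach (self::$trustedHostPatterns as $pattern) {
            if (preg_match($pattern, $host)) {
                return $host;
            }
        }

        // patterns are configured but none matched: refuse the host
        throw new UnexpectedValueException(sprintf('Untrusted Host "%s"', $host));
    }

    return $host;
}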