Beispiel #1
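 /**
  * Get the current host of the request.
  *
  * The value is read from the HTTP_HOST environment entry, falling back to
  * $this->name() and finally to SERVER_ADDR. A trailing ":port" is stripped and
  * the result is lower-cased before it is validated.
  *
  * Security: HTTP_HOST comes from the request, so it is client-controlled. The
  * character check below only rejects malformed values; it does not establish
  * that the host belongs to this application. Unless self::$trustedHostPatterns
  * is populated, the returned value must not be relied on for anything
  * security-relevant (absolute URLs in e-mails, redirects, cache keys).
  *
  * @return string
  * @throws UnexpectedValueException if the hostname contains forbidden characters
  *                                  or matches none of the trusted host patterns
  */
 public function host()
 {
     $host = Environment::get('HTTP_HOST');
     if (!$host) {
         $host = $this->name();
     }
     if (!$host) {
         // Fix: this fallback previously referenced the misspelled class
         // "Enviroment", which fails as soon as both sources above are empty.
         $host = Environment::get('SERVER_ADDR');
     }

     // Trim and remove the port number from the host. The string casts keep a
     // missing value (null/false) or a PCRE failure from reaching trim() and
     // strtolower() as a non-string.
     // NOTE(review): an unbracketed IPv6 SERVER_ADDR would lose its last group
     // to the port pattern - confirm whether that fallback can yield IPv6.
     $host = strtolower((string) preg_replace('/:\\d+$/', '', trim((string) $host)));

     // Check that it does not contain forbidden characters: everything the
     // pattern matches is removed, so any leftover means an illegal character.
     if ($host && preg_replace('/(?:^\\[)?[a-zA-Z0-9-:\\]_]+\\.?/', '', $host) !== '') {
         throw new UnexpectedValueException(sprintf('Invalid Host "%s"', $host));
     }

     // TODO
     // Check the hostname against a trusted list of host patterns to avoid host
     // header injection attacks. Patterns are passed to preg_match() as-is, so
     // each one has to be anchored (^...$) by whoever configures it; an
     // unanchored pattern also accepts hosts that merely contain a trusted name.
     if (count(self::$trustedHostPatterns) > 0) {
         foreach (self::$trustedHostPatterns as $pattern) {
             if (preg_match($pattern, $host)) {
                 return $host;
             }
         }
         throw new UnexpectedValueException(sprintf('Untrusted Host "%s"', $host));
     }

     // No trusted patterns configured: the host is syntactically valid but unverified.
     return $host;
 }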