/** * Validates a URL hostname * * @param $hostname string * @param $options fin1te\SafeCurl\Options * * @returns string */ public static function validateHostname($hostname, $ips, Options $options) { //Check the host against the domain lists if (!$options->isInList('whitelist', 'domain', $hostname)) { throw new InvalidDomainException("Provided hostname '{$hostname}' doesn't match whitelisted values: " . implode(', ', $options->getList('whitelist', 'domain'))); } if ($options->isInList('blacklist', 'domain', $hostname)) { throw new InvalidDomainException("Provided hostname '{$hostname}' matches a blacklisted value"); } $whitelistedIps = $options->getList('whitelist', 'ip'); if (!empty($whitelistedIps)) { $valid = false; foreach ($whitelistedIps as $whitelistedIp) { foreach ($ips as $ip) { if (self::cidrMatch($ip, $whitelistedIp)) { $valid = true; break 2; } } } if (!$valid) { throw new InvalidIpException("Provided hostname '{$hostname}' resolves to '" . implode(', ', $ips) . "', which doesn't match whitelisted values: " . implode(', ', $whitelistedIps)); } } $blacklistedIps = $options->getList('blacklist', 'ip'); if (!empty($blacklistedIps)) { foreach ($blacklistedIps as $blacklistedIp) { foreach ($ips as $ip) { if (self::cidrMatch($ip, $blacklistedIp)) { throw new InvalidIpException("Provided hostname '{$hostname}' resolves to '" . implode(', ', $ips) . "', which matches a blacklisted value: " . $blacklistedIp); } } } } return $hostname; }
/** * Validates a URL host. * * @param $host string * @param $options Options * * @returns string */ public static function validateHost($host, Options $options) { $host = strtolower($host); //Check the host against the domain lists if (!$options->isInList('whitelist', 'domain', $host)) { throw new InvalidDomainException('Provided host "' . $host . '" doesn\'t match whitelisted values: ' . implode(', ', $options->getList('whitelist', 'domain'))); } if ($options->isInList('blacklist', 'domain', $host)) { throw new InvalidDomainException('Provided host "' . $host . '" matches a blacklisted value'); } //Now resolve to an IP and check against the IP lists $ips = @gethostbynamel($host); if (empty($ips)) { throw new InvalidDomainException('Provided host "' . $host . '" doesn\'t resolve to an IP address'); } $whitelistedIps = $options->getList('whitelist', 'ip'); if (!empty($whitelistedIps)) { $valid = false; foreach ($whitelistedIps as $whitelistedIp) { foreach ($ips as $ip) { if (self::cidrMatch($ip, $whitelistedIp)) { $valid = true; break 2; } } } if (!$valid) { throw new InvalidIpException('Provided host "' . $host . '" resolves to "' . implode(', ', $ips) . '", which doesn\'t match whitelisted values: ' . implode(', ', $whitelistedIps)); } } $blacklistedIps = $options->getList('blacklist', 'ip'); if (!empty($blacklistedIps)) { foreach ($blacklistedIps as $blacklistedIp) { foreach ($ips as $ip) { if (self::cidrMatch($ip, $blacklistedIp)) { throw new InvalidIpException('Provided host "' . $host . '" resolves to "' . implode(', ', $ips) . '", which matches a blacklisted value: ' . $blacklistedIp); } } } } return array('host' => $host, 'ips' => $ips); }