/** * Returns hostname, without port numbers * * @param $host * @return array */ public static function getHostSanitized($host) { return IP::sanitizeIp($host); }
/** * Returns `true` if the URL points to something on the same host, `false` if otherwise. * * @param string $url * @return bool True if local; false otherwise. * @api */ public static function isLocalUrl($url) { if (empty($url)) { return true; } // handle host name mangling $requestUri = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : ''; $parseRequest = @parse_url($requestUri); $hosts = array(self::getHost(), self::getCurrentHost()); if (!empty($parseRequest['host'])) { $hosts[] = $parseRequest['host']; } // drop port numbers from hostnames and IP addresses $hosts = array_map(array('Piwik\\IP', 'sanitizeIp'), $hosts); $disableHostCheck = Config::getInstance()->General['enable_trusted_host_check'] == 0; // compare scheme and host $parsedUrl = @parse_url($url); $host = IP::sanitizeIp(@$parsedUrl['host']); return !empty($host) && ($disableHostCheck || in_array($host, $hosts)) && !empty($parsedUrl['scheme']) && in_array($parsedUrl['scheme'], array('http', 'https')); }