[PHP-WEBMASTER] [web-php] master: Fixed host suffix check

Derick Rethans Mon, 23 Mar 2026 04:10:52 -0700

Author: Derick Rethans (derickr)
Date: 2026-03-23T11:08:11Z

Commit: 
https://github.com/php/web-php/commit/a46c652c32e0d1946e60c1fb24b234e751c030cc
Raw diff: 
https://github.com/php/web-php/commit/a46c652c32e0d1946e60c1fb24b234e751c030cc.diff


Fixed host suffix check

Changed paths:
  M  include/prepend.inc


Diff:

diff --git a/include/prepend.inc b/include/prepend.inc
index 83e50b8260..b2f3969f11 100644
--- a/include/prepend.inc
+++ b/include/prepend.inc
@@ -26,7 +26,7 @@ header("Permissions-Policy: interest-cohort=()");
     }
 
     $host = parse_url($_SERVER["HTTP_ORIGIN"]);
-    if (strncmp(strrev($host["host"]), strrev("php.net"), strlen("php.net")) 
!= 0) {
+    if (!preg_match('/^(.+\.)?php\.net$/', $host["host"])) {
         if ($host["host"] != $_SERVER["SERVER_NAME"]) {
             exit(10);
         }

[PHP-WEBMASTER] [web-php] master: Fixed host suffix check

Reply via email to