What many application developers do not realize is that the HTTP Host header is controlled by the user. In application security, user input should always be considered unsafe and, therefore, never trusted without properly validating it first.

Created on 23 July 2024, about 2 months ago
Updated 24 July 2024, about 2 months ago

💬 Support request
Status

Postponed: needs info

Version

11.0 🔥

Component

php.module

Created by

🇮🇳India Vivek kumar tiwari

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Comments & Activities

  • Issue created by @Vivek kumar tiwari
  • Status changed to Postponed: needs info about 2 months ago
  • 🇺🇸United States cilefen

    Thanks for that information. The PHP module doesn't exist in Drupal Core since version 8. As there doesn't seem to be anything actionable here, I am postponing this. If this is about adding some developer documentation you will have to explain that.

    Report security bugs in the proper place, which is not here.

  • 🇦🇺Australia larowlan 🇦🇺🏝.au GMT+10

    The trusted hosts setting in settings.php allowlists valid hosts.

  • 🇳🇿New Zealand quietone New Zealand

    Changes are made on 11.x (our main development branch) first, and are then back ported as needed according to our policies.
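
The trusted hosts setting mentioned in the thread, shown as an added example that is not part of the original issue and is not Drupal's own code. `example.com` is a placeholder hostname and `host_is_trusted()` is a hypothetical helper that only approximates how the regular-expression patterns are applied to the Host header.

```php
<?php
// settings.php fragment: allowlist the hostnames this site answers to.
// Each entry is a regular expression; example.com is a placeholder.
$settings['trusted_host_patterns'] = [
  '^example\.com$',
  '^www\.example\.com$',
];

// Hypothetical helper (an assumption for illustration, not Drupal's code):
// case-insensitive regex match of the Host header against each pattern.
function host_is_trusted(string $host, array $patterns): bool {
  // Drop an optional port and normalize case before matching.
  $host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
  foreach ($patterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return true;
    }
  }
  return false;
}

// A pattern without anchors and with an unescaped dot, for comparison.
$loose = ['example.com'];

// Constructed Host header values, not taken from any real request.
$samples = [
  'example.com',
  'www.example.com:443',
  'example.com.attacker.test',
  'examplexcom.test',
];

foreach ($samples as $host) {
  printf(
    "%-28s strict=%-3s loose=%s\n",
    $host,
    host_is_trusted($host, $settings['trusted_host_patterns']) ? 'yes' : 'no',
    host_is_trusted($host, $loose) ? 'yes' : 'no'
  );
}
```

The anchored, escaped patterns accept only the first two sample hosts, while the loose pattern accepts all four, which is why each pattern should start with `^`, end with `$`, and escape every literal dot.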
