<?php
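/**
 * Report whether the host of $url is an allowlisted domain or a subdomain of one.
 *
 * Only the host component returned by parse_url() is inspected. The scheme,
 * userinfo, port, path, query and fragment are ignored, so callers that care
 * about the scheme (for example to refuse file:// URLs) must check it
 * separately.
 *
 * Security notes:
 * - parse_url() is a parser, not a validator. The decision made here is only
 *   meaningful if the component that later fetches or redirects to the URL
 *   resolves the same host; where possible, rebuild the outgoing request from
 *   the parsed components instead of reusing the raw string.
 * - The match is fail-closed: anything without a usable string host is rejected.
 * - Host names are compared case-insensitively because DNS names are
 *   case-insensitive.
 *
 * @param mixed $url URL to check; non-string values are rejected.
 * @return bool True when the host equals an allowlisted domain or ends with
 *              "." followed by an allowlisted domain, false otherwise.
 */
function is_valid_time_domain( $url ) {
    $whitelisted_domains = array( 'mydomain.com', 'mydomain.net' );

    if ( ! is_string( $url ) ) {
        return false;
    }

    // parse_url() yields null when there is no host and false for a URL it
    // cannot parse at all; neither can be allowlisted.
    $domain = parse_url( $url, PHP_URL_HOST );
    if ( ! is_string( $domain ) || '' === $domain ) {
        return false;
    }
    $domain = strtolower( $domain );

    // Exact match, compared strictly so no type juggling can produce a hit.
    if ( in_array( $domain, $whitelisted_domains, true ) ) {
        return true;
    }

    foreach ( $whitelisted_domains as $whitelisted_domain ) {
        // The leading dot forces a label boundary, so 'evilsitemydomain.com'
        // does not pass as a subdomain of 'mydomain.com'.
        $suffix     = '.' . $whitelisted_domain;
        $suffix_len = strlen( $suffix );

        // Compare the tail of the host directly. Looking for the first
        // occurrence of the suffix (strpos) wrongly rejects hosts such as
        // 'a.mydomain.com.mydomain.com', where the suffix appears twice.
        // Requiring a longer host also rejects an empty leading label
        // ('.mydomain.com').
        if ( strlen( $domain ) > $suffix_len && substr( $domain, -$suffix_len ) === $suffix ) {
            return true;
        }
    }

    return false;
}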
// Regression inputs for is_valid_time_domain(). Each URL is printed and then
// followed by the var_dump() of the check's result, so the output can be
// compared across PHP versions. The order of the list is significant for that
// comparison.
$domains = array(
    // Allowlisted apex domain and a subdomain of it.
    'http://mydomain.com',
    'http://www.mydomain.com',
    // Allowlisted name used as a leading label of another domain.
    'http://mydomain.com.evilsite.com',
    'http://mydomain.com.mydomain.net',
    // Allowlisted name as a suffix without a label boundary.
    'http://evilsitemydomain.com',
    // Percent-encoded bytes inside the host.
    'http://mydomain.com.evil%45site.com',
    'http://evil%45sitemydomain.com',
    'http://evil%00sitemydomain.com',
    'http://mydomain.com.evil%00site.com',
    // Allowlisted name placed in the path, after an encoded NUL, or in the fragment.
    'http://evilsite.com/.mydomain.com',
    'http://mydomain.com%00.evilsite.com',
    'http://evilsite.com#.mydomain.com',
    // Userinfo ("@") and port (":") delimiters.
    'http://evilsite.com@mydomain.com',
    'http://mydomain.com@evilsite.com',
    'http://evilsite.com#@mydomain.com',
    'http://evilsite.com:mydomain.com',
    // file: scheme variants.
    'file://stuff@myfile:mydomain.net',
    'file:///dev@mydomain.net',
    'file:///dev?@mydomain.net',
    'file:///dev?mydomain.net',
    // Scheme without the "//" authority marker.
    'http:mydomain.net',
    'http:evilsite.com//mydomain.net',
);

foreach ( $domains as $domain ) {
    echo $domain, "\n";
    $verdict = is_valid_time_domain( $domain );
    var_dump( $verdict );
}