<?php
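/**
 * Report whether the host of a URL is a whitelisted domain or a subdomain of one.
 *
 * Only the host component returned by parse_url() is examined. The scheme,
 * userinfo, port, path, query and fragment are ignored, and parse_url() does
 * not percent-decode the host. As a result a URL with an unexpected scheme
 * (for example 'data://') or a host containing percent-escapes or non-ASCII
 * bytes (for example '%00.mydomain.com') is accepted as long as the raw host
 * ends in a whitelisted domain. Callers that go on to fetch, include or
 * redirect to the URL should restrict the scheme and validate the host
 * characters themselves.
 *
 * @param mixed $url URL to check; anything that is not a string is rejected.
 * @return bool True when the host equals a whitelisted domain or ends with
 *              '.' followed by one, false otherwise.
 */
function is_valid_time_domain( $url ) {
    if ( ! is_string( $url ) ) {
        return false;
    }

    $whitelisted_domains = array( 'mydomain.com', 'mydomain.net' );

    // parse_url() yields null when the URL has no host and false when the URL
    // is seriously malformed; neither can match the whitelist.
    $domain = parse_url( $url, PHP_URL_HOST );
    if ( ! is_string( $domain ) || '' === $domain ) {
        return false;
    }

    // Host names are case-insensitive, so compare in lower case.
    $domain = strtolower( $domain );

    // Exact match, compared strictly so no type juggling takes place.
    if ( in_array( $domain, $whitelisted_domains, true ) ) {
        return true;
    }

    foreach ( $whitelisted_domains as $whitelisted_domain ) {
        // The leading dot stops hosts such as 'evilsitemydomain.com' from matching.
        $suffix = '.' . $whitelisted_domain;

        // Compare the tail of the host directly. Looking for the first
        // occurrence with strpos() wrongly rejects a host in which the suffix
        // appears more than once (e.g. 'a.mydomain.com.mydomain.com').
        if ( substr( $domain, -strlen( $suffix ) ) === $suffix ) {
            return true;
        }
    }

    return false;
}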
// Test URLs fed to is_valid_time_domain(); each URL is printed followed by the
// var_dump() of the result.
//
// Cases currently disabled (kept for reference):
/*
    'http://mydomain.com', 'http://www.mydomain.com',
    'http://mydomain.com.evilsite.com', 'http://mydomain.com.mydomain.net',
    'http://evilsitemydomain.com', 'http://mydomain.com.evil%45site.com',
    'http://evil%45sitemydomain.com', 'http://evil%00sitemydomain.com',
    'http://mydomain.com.evil%00site.com', 'http://evilsite.com/.mydomain.com',
    'http://mydomain.com%00.evilsite.com', 'http://evilsite.com#.mydomain.com',
    'http://evilsite.com@mydomain.com', 'http://mydomain.com@evilsite.com',
    'http://evilsite.com@#mydomain.com', 'http://evilsite.com:mydomain.com',
    'file://stuff@myfile:mydomain.com', 'file:///dev@mydomain.com',
    'file:///dev?@mydomain.com', 'file:///dev?mydomain.com',
    'http:mydomain.com', 'http:evilsite.com//mydomain.com',
    'http:mydomain.com//evilsite.com', 'http:mydomain.com',
    'http://[2010:836B:4179::836B:4179].mydomain.com',
    'http://evilsite.com+mydomain.com', 'http://mydomain.com+evilsite.com',
    'http://%6Dydomain.com', 'http://evilsite$mydomain.com',
    'http://evilsite;mydomain.com', 'http://%1B.mydomain.com/',
    'http://%1Bmydomain.com/', 'http://mydom ain.com', 'http://my domain.com',
    'http://mydomain.com.eu', 'http://"mydomain.com', 'http://".mydomain.com',
    'http://%22.mydomain.com',
*/
$domains = array(
    'http://£.mydomain.com',
    'http://example.com£mydomain.com',
    'http://example.com£%2Emydomain.com',
    'http://%00.mydomain.com',
    'http://%00mydomain.com',
    'data://text%2Fhtml%2C%3Ch1%3EHello%2C%20World!%3C%2Fh1%3E.mydomain.com',
    'feed://http://mydomain.com',
);

foreach ( $domains as $candidate_url ) {
    $verdict = is_valid_time_domain( $candidate_url );
    echo $candidate_url, "\n";
    var_dump( $verdict );
}
- Output for git.master, git.master_jit, rfc.property-hooks
- http://£.mydomain.com
bool(true)
http://example.com£mydomain.com
bool(false)
http://example.com£%2Emydomain.com
bool(false)
http://%00.mydomain.com
bool(true)
http://%00mydomain.com
bool(false)
data://text%2Fhtml%2C%3Ch1%3EHello%2C%20World!%3C%2Fh1%3E.mydomain.com
bool(true)
feed://http://mydomain.com
bool(false)