From de80aff584eea95af4e90a7187564262b8ba40c9 Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Mon, 12 Jun 2017 07:54:01 +0000
Subject: [PATCH] Meilleure sanitization du host pour eviter des choses
 exotiques

---
 ecrire/inc_version.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecrire/inc_version.php b/ecrire/inc_version.php
index c5ada63691..eea77e7f12 100644
--- a/ecrire/inc_version.php
+++ b/ecrire/inc_version.php
@@ -233,7 +233,7 @@ if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])){
 		$host = trim(reset($h));
 	}
 	// securite sur le contenu de l'entete
-	$host = strtr($host, "<>?\"' \r\n", '________');
+	$host = strtr($host, "<>?\"\{\}\$'` \r\n", '____________');
 	$_SERVER['HTTP_HOST'] = $host;
 }
 //
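Review bot: The new `from` list on the `strtr()` line appears to be longer than its replacement string, so its last characters are no longer filtered. In a PHP double-quoted string `\{` and `\}` are not escape sequences and keep their backslash, which makes the list 14 bytes against what looks like 12 underscores; `strtr()` ignores the surplus of the longer argument, so `\r` and `\n`, which the removed line did replace, would pass unchanged into `$_SERVER['HTTP_HOST']`. Dropping the two backslashes restores the one-to-one pairing: ``$host = strtr($host, "<>?\"{}\$'` \r\n", '____________');``. Because a host name has a small legal alphabet, an allowlist along the lines of `preg_replace('/[^A-Za-z0-9.:\[\]-]/', '_', $host)` would be sturdier than growing the denylist, provided the accepted set is checked against the hosts the site actually serves. The enclosing `if` block starts above the hunk.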
-- 
GitLab