'HTTP_HOST' not being evaluated correctly?

Question

I use php scripts when there are errors (like 400,404,403,etc), to email me and advise of what is being attempted.

I noticed on a 400 error, the 'from' and 'to' didn't contain my domain name, but another domain name. This is some of the code I use ..

PHP Code:

$http_host = $_SERVER["HTTP_HOST"]; 
$http_host = str_replace("www.", "", $http_host); 
$from = "From: webmaster@" . $http_host . "\r\n"; 
$to = "From: webmaster@" . $http_host . "\r\n";  

The var $http_host had the other domain name there. Fortunately, the email bounced back, so I became aware of the problem. Here is the web access logs entry

94.102.51.246 - - [23/Feb/2013:16:17:49 +1100] "GET http://24x7-allrequestsallowed.com/?...RWJWS_FA%40FQN HTTP/1.1" 400 2815 "-" "Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0"

It seems $_SERVER["HTTP_HOST"] was evaluated to '24x7-allrequestsallowed.com'

I'm mystified how this was parsed as a URL, but more uneasy that $_SERVER["HTTP_HOST"] wasn't set to the 'proper' domain name.

Answer 1

Change:

 $http_host = $_SERVER["HTTP_HOST"]; 
 $http_host = str_replace("www.", "", $http_host); 

...to...

 $http_host = $_SERVER["SERVER_NAME"]; 
 $http_host = str_replace("www.", "", $http_host); 

Will return "The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host."

Source: http://php.net/manual/en/reserved.variables.server.php