[BUG] Bad preg_match filter in page.lostpassword.php

[GoofyNest]

• SourceBans++ Version: 1.6.3
• 1.8 - build 6041:
• PHP and MySQL version: PHP 5.6, doesn't matter.
• Linux Ubuntu 16.04
• Link to your project (for web panel issues): N/A
• Link to gist with phpinfo() output (for web panel issues): N/A

My domain contains - and your filter detect my domain as a potential SQL injection on resetting password.

preg_match("/[\w\.]*/", $_SERVER['HTTP_HOST'], $match);
Should be
preg_match("/[\w\.-]*/", $_SERVER['HTTP_HOST'], $match);

/pages/page.lostpassword.php
line 40

[rumblefrog]

Section in question:

sourcebans-pp/web/pages/page.lostpassword.php

Lines 40 to 51 in d84b24a

	preg_match("/[\w\.]*/", $_SERVER['HTTP_HOST'], $match);
	if ($match[0] != $_SERVER['HTTP_HOST']) {
	echo '<div id="msg-red" style="">
	<i><img src="./images/warning.png" alt="Warning" /></i>
	<b>Error</b>
	<br />
	An unknown error occured.
	</div>';
	$log = new CSystemLog("w", "Hacking Attempt", "Attempted password reset email injection. Using: " . $_SERVER['HTTP_HOST']);
	exit();
	}

Is there even a case where you regex match HTTP_HOST and it's not equal to HTTP_HOST when comparing? Feels like this is unnecessary. @Groruk