[Security] Absolute URL can be spoofed via `Host` header.

[Arinerron]

teendevops-web/includes/functions.php

Line 35 in 2efe265

return ((!gone(HTTPS) ? 'https' : 'http') .'://' . (!gone(SITE) ? SITE : (!gone($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (!gone($_SERVER['SERVER_NAME']) ?$_SERVER['SERVER_NAME'] : 'localhost'))) .(substr($request, 0, 1) !== '/' ? '/' : '') . $request);

[crablab]

That's just a really horrible way to do it anyway...
Try using Apache rewrites instead