Implement new option "allowedRemoteHosts" to restrict which remote hosts can be requested

[bohwaz]

This is a simple patch to add some kind of security when allowing remote requests.

[bsweeney]

A user could already perform this validation using the existing allowedProtocols option. For example:

$options = new Dompdf\Options($dompdf_options);
$options->addAllowedProtocol("https://", function (string $uri) use (&$options) {
    $ret = $options->validateRemoteUri($uri);
    if ($ret[0] === false) {
        return $ret;
    }

    $parsed_url = parse_url($uri);
    if (strtolower($parsed_url["host"]) != "example.com") {
        return [false, "The remote file domain is not allowed."];
    }

    return [true, null];
});
$dompdf = new Dompdf\Dompdf($options);

[bohwaz]

Yes but the callback approach is not documented, and this is much easier to use, and also promotes good practices :)