Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.132 -r1.133
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 12 Mar 2025 09:45:22 -0000 1.132
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 29 Apr 2025 13:11:43 -0000 1.133
@@ -3130,7 +3130,12 @@
 return $hostHeaderValue
 }

- set hostHeaderDict [ns_parsehostport $hostHeaderValue]
+ try {
+ set hostHeaderDict [ns_parsehostport $hostHeaderValue]
+ } on error {errorMsg} {
+ ns_log [expr {[acs::icanuse "ns_log security"] ? "security" : "warning"}] "security::validated_host_header: $errorMsg"
+ return ""
+ }
 #
 # Remove trailing dot, as this is allowed in fully qualified DNS
 # names (see e.g. ยง3.2.2 of RFC 3976).
@@ -3150,6 +3155,8 @@
 if {[acs::icanuse "ns_server hosts"]} {
 if {$normalizedHostHeaderValue in [ns_server hosts]} {
 #
+ # New Style host validation, available in new NaviServer 5
+ # versions after June 10, 2024
 #
 set validationOk 1
 }
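Review bot: The new `on error` branch in the first hunk writes `$errorMsg` to the log verbatim, and that message presumably echoes the client-supplied Host value, so any unauthenticated request can place text of its own choosing and length in the security log while the entry does not say who sent it. I would bound the logged text and add the peer address so the entry can be correlated during triage, keeping the severity expression as is and changing the message to `"security::validated_host_header: invalid Host header from [ad_conn peeraddr]: [string range $errorMsg 0 200]"`, assuming the proc only runs inside a connection. The handler also traps every error from `ns_parsehostport`, not only a parse failure, and returns the same `""` that the early `return $hostHeaderValue` path appears to give for a missing header; a one-line comment such as `# empty result means "not validated"; malformed Host headers are logged and rejected here` would make that contract explicit. The enclosing proc starts and ends outside this hunk.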