|
|
@@ -78,13 +78,16 @@ class TrustedDomainHelper { |
|
|
|
if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) { |
|
|
|
return true; |
|
|
|
} |
|
|
|
|
|
|
|
// match, allowing for * wildcards |
|
|
|
// Reject misformed domains in any case |
|
|
|
if (strpos($domain,'-') === 0 || strpos($domain,'..') !== false) { |
|
|
|
return false; |
|
|
|
} |
|
|
|
// Match, allowing for * wildcards |
|
|
|
foreach ($trustedList as $trusted) { |
|
|
|
if (gettype($trusted) !== 'string') { |
|
|
|
break; |
|
|
|
} |
|
|
|
$regex = '/^' . join('.*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/'; |
|
|
|
$regex = '/^' . join('[-\.a-zA-Z0-9]*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/'; |
|
|
|
if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) { |
|
|
|
return true; |
|
|
|
} |