summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/private/Security/TrustedDomainHelper.php9
-rw-r--r--tests/lib/Security/TrustedDomainHelperTest.php4
2 files changed, 10 insertions, 3 deletions
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 44e133746fd..cf4def63dd3 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -78,13 +78,16 @@ class TrustedDomainHelper {
if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
return true;
}
-
- // match, allowing for * wildcards
+ // Reject misformed domains in any case
+ if (strpos($domain,'-') === 0 || strpos($domain,'..') !== false) {
+ return false;
+ }
+ // Match, allowing for * wildcards
foreach ($trustedList as $trusted) {
if (gettype($trusted) !== 'string') {
break;
}
- $regex = '/^' . join('.*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/';
+ $regex = '/^' . join('[-\.a-zA-Z0-9]*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/';
if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
return true;
}
diff --git a/tests/lib/Security/TrustedDomainHelperTest.php b/tests/lib/Security/TrustedDomainHelperTest.php
index 6c254dcaa79..1beb7a66717 100644
--- a/tests/lib/Security/TrustedDomainHelperTest.php
+++ b/tests/lib/Security/TrustedDomainHelperTest.php
@@ -102,6 +102,10 @@ class TrustedDomainHelperTest extends \Test\TestCase {
[$trustedHostTestList, 'abc.leadingwith.port:1234', false],
[$trustedHostTestList, 'trailingwith.port.abc:456', true],
[$trustedHostTestList, 'trailingwith.port.abc:123', false],
+ // bad hostname
+ [$trustedHostTestList, '-bad', false],
+ [$trustedHostTestList, '-bad.leading.host', false],
+ [$trustedHostTestList, 'bad..der.leading.host', false],
];
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 10:02:38 +0000