aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security/TrustedDomainHelper.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Security/TrustedDomainHelper.php')
-rw-r--r--lib/private/Security/TrustedDomainHelper.php23
1 files changed, 15 insertions, 8 deletions
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 75407ae3939..cf4def63dd3 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -70,7 +70,7 @@ class TrustedDomainHelper {
// Read trusted domains from config
$trustedList = $this->config->getSystemValue('trusted_domains', []);
- if(!is_array($trustedList)) {
+ if (!is_array($trustedList)) {
return false;
}
@@ -78,13 +78,20 @@ class TrustedDomainHelper {
if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
return true;
}
-
- // Compare with port appended
- if(in_array($domainWithPort, $trustedList, true)) {
- return true;
+ // Reject misformed domains in any case
+ if (strpos($domain,'-') === 0 || strpos($domain,'..') !== false) {
+ return false;
}
-
- return in_array($domain, $trustedList, true);
+ // Match, allowing for * wildcards
+ foreach ($trustedList as $trusted) {
+ if (gettype($trusted) !== 'string') {
+ break;
+ }
+ $regex = '/^' . join('[-\.a-zA-Z0-9]*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/';
+ if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
+ return true;
+ }
+ }
+ return false;
}
-
}