From b1867dc8d1dc0a299c4156e813c9658ff29b2303 Mon Sep 17 00:00:00 2001
From: Johannes Ernst <jernst@indiecomputing.com>
Date: Tue, 5 Jul 2016 18:49:18 +0000
Subject: Allow wildcard * to be used in trusted domains, to support setups
 where no reliable DNS entry is available (e.g. mDNS) or for simple-to-setup
 aliasing (e.g. *.example.com)

---
 lib/private/Security/TrustedDomainHelper.php | 32 ++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

(limited to 'lib/private')

diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 75407ae3939..6afefcbbe69 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -84,7 +84,35 @@ class TrustedDomainHelper {
 			return true;
 		}
 
-		return in_array($domain, $trustedList, true);
-	}
+		if(in_array($domain, $trustedList, true)) {
+			return true;
+		}
 
+ 		// If a value contains a *, apply glob-style matching. Any second * is ignored.
+ 		foreach ($trustedList as $trusted) {
+ 			if($trusted == '*') {
+ 				return true;
+ 			}
+ 			$star = strpos($trusted, '*');
+ 			if($star === false) {
+ 				next;
+ 			}
+ 			if($star === 0) {
+ 				if(strrpos($domain, substr($trusted, 1)) !== false) {
+ 					return true;
+ 				}
+			} elseif($star === strlen($trusted)-1) {
+ 				if(strpos($domain, substr($trusted, 0, strlen($trusted)-1 )) !== false) {
+ 					return true;
+ 				}
+ 			} else {
+ 				if(strpos($domain, substr($trusted, 0, $star)) !== false
+ 				&& strrpos($domain, substr($trusted, $star+1 ), -strlen($trusted-$star-1)) !== false )
+ 				{
+ 					return true;
+ 				}
+ 			}
+ 		}
+ 		return false;
+	}
 }
-- 
cgit v1.2.3