Do not trust casting
This commit is contained in:
parent
451ba4ddaa
commit
8289943a0f
|
@ -78,7 +78,7 @@ class TrustedDomainHelper {
|
|||
if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
|
||||
return true;
|
||||
}
|
||||
return in_array($domain, $trustedList);
|
||||
return in_array($domain, $trustedList, true);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -64,6 +64,8 @@ class TrustedDomainHelperTest extends \Test\TestCase {
|
|||
// do not trust invalid localhosts
|
||||
[$trustedHostTestList, 'localhost:1:2', false],
|
||||
[$trustedHostTestList, 'localhost: evil.host', false],
|
||||
// do not trust casting
|
||||
[[1], '1', false],
|
||||
];
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue