Do not trust casting

2015-12-08 08:50:00 +01:00 · 2015-12-08 08:50:00 +01:00 · 8289943a0f
parent 451ba4ddaa
commit 8289943a0f
2 changed files with 3 additions and 1 deletions
--- a/lib/private/security/trusteddomainhelper.php
+++ b/lib/private/security/trusteddomainhelper.php
@ -78,7 +78,7 @@ class TrustedDomainHelper {
 		if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
 			return true;
 		}
-		return in_array($domain, $trustedList);
+		return in_array($domain, $trustedList, true);
 	}

 }
--- a/tests/lib/security/trusteddomainhelper.php
+++ b/tests/lib/security/trusteddomainhelper.php
@ -64,6 +64,8 @@ class TrustedDomainHelperTest extends \Test\TestCase {
 			// do not trust invalid localhosts
 			[$trustedHostTestList, 'localhost:1:2', false],
 			[$trustedHostTestList, 'localhost: evil.host', false],
+			// do not trust casting
+			[[1], '1', false],
 		];
 	}