mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Do not trust casting

This commit is contained in:
Lukas Reschke 2015-12-08 08:50:00 +01:00
parent 451ba4ddaa
commit 8289943a0f
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/private/security/trusteddomainhelper.php
View File

@ -78,7 +78,7 @@ class TrustedDomainHelper {
if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) { if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
return true; return true;
} }
return in_array($domain, $trustedList); return in_array($domain, $trustedList, true);
} }
} }

2
tests/lib/security/trusteddomainhelper.php
View File

@ -64,6 +64,8 @@ class TrustedDomainHelperTest extends \Test\TestCase {
// do not trust invalid localhosts // do not trust invalid localhosts
[$trustedHostTestList, 'localhost:1:2', false], [$trustedHostTestList, 'localhost:1:2', false],
[$trustedHostTestList, 'localhost: evil.host', false], [$trustedHostTestList, 'localhost: evil.host', false],
// do not trust casting
[[1], '1', false],
]; ];
} }