LEMONLDAP::NG : A site in the protected domain is accepted in $portal->{urldc} even if the site is not declared in the manager

2008-12-24 09:12:53 +00:00 · 2008-12-24 09:12:53 +00:00 · 2449e92c2d
parent 8e6c8de591
commit 2449e92c2d
2 changed files with 2 additions and 2 deletions
--- a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
+++ b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf.pm
@ -6,7 +6,7 @@ use Data::Dumper;
 use Lemonldap::NG::Common::Conf::Constants;
 use Regexp::Assemble;

-use constant DEFAULTCONFFILE => '/etc/lemonldap-ng/storage.conf';
+use constant DEFAULTCONFFILE => "/etc/lemonldap-ng/storage.conf";

 our $VERSION = 0.51;
 our $msg;
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@ -477,7 +477,7 @@ sub controlUrlOrigin {

        # REJECT [\0<'"`] in URL or encoded '%' and non protected hosts
        if (   $self->{urldc} =~ /(?:\0|<|'|"|`|\%(?:00|25|3C|22|27|2C))/
-            or $self->{urldc} !~ m#^https?://$self->{reVHosts}# )
+            or $self->{urldc} !~ m#^https?://(?:$self->{reVHosts}|(?:[^/]*)?$self->{domain})(?:/.*)$# )
        {
            delete $self->{urldc};
            return PE_BADURL;