LEMONLDAP::NG : A site in the protected domain is accepted in $portal->{urldc} even if the site is not declared in the manager
parent
8e6c8de591
commit
2449e92c2d
|
@ -6,7 +6,7 @@ use Data::Dumper;
|
|||
use Lemonldap::NG::Common::Conf::Constants;
|
||||
use Regexp::Assemble;
|
||||
|
||||
use constant DEFAULTCONFFILE => '/etc/lemonldap-ng/storage.conf';
|
||||
use constant DEFAULTCONFFILE => "/etc/lemonldap-ng/storage.conf";
|
||||
|
||||
our $VERSION = 0.51;
|
||||
our $msg;
|
||||
|
|
|
@ -477,7 +477,7 @@ sub controlUrlOrigin {
|
|||
|
||||
# REJECT [\0<'"`] in URL or encoded '%' and non protected hosts
|
||||
if ( $self->{urldc} =~ /(?:\0|<|'|"|`|\%(?:00|25|3C|22|27|2C))/
|
||||
or $self->{urldc} !~ m#^https?://$self->{reVHosts}# )
|
||||
or $self->{urldc} !~ m#^https?://(?:$self->{reVHosts}|(?:[^/]*)?$self->{domain})(?:/.*)$# )
|
||||
{
|
||||
delete $self->{urldc};
|
||||
return PE_BADURL;
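Review bot: The new domain alternative `(?:[^/]*)?$self->{domain}` in the `urldc` check accepts far more than hosts inside the protected domain. `[^/]*` admits any character except `/`, including userinfo, query and fragment delimiters, so the matched text need not be the host a browser actually contacts. `$self->{domain}` is also interpolated as a regex, so its dots match any character, and if the configured value has no leading dot (not visible here) a foreign host that merely ends in the same string passes. I would restrict the prefix to hostname characters and quote the domain, e.g. `(?:[A-Za-z0-9.-]*)\Q$self->{domain}\E`, plus a label-boundary check if the domain is stored without its leading dot. The now-mandatory `(?:/.*)$` also rejects a bare `https://host` with no path, which the old pattern accepted; use `(?:/.*)?$` if that was not intended. The body of controlUrlOrigin starts and ends outside the hunk.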
|
||||
|
|