dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix slight bug about trustedDomains regex: domains might be tampered (#467)

Browse Source
This commit is contained in:
François-Xavier Deltombe 2013-02-08 10:58:35 +00:00
parent ec22ab2592
commit 65252af36b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
View File

@ -458,7 +458,7 @@ sub new {
$self->{trustedDomains} = "*"
if ( $self->{trustedDomains} =~ /(^|\s)\*(\s|$)/ );
if ( $self->{trustedDomains} and $self->{trustedDomains} ne "*" ) {
$self->{trustedDomains} =~ s#(^|\s+)\.#[^/]+.#g;
$self->{trustedDomains} =~ s#((^|\s+))\.#${1}[^/]+.#g;
$self->{trustedDomains} =
'(' . join( '|', split( /\s+/, $self->{trustedDomains} ) ) . ')';
$self->{trustedDomains} =~ s/\./\\./g;