author | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2017-01-16 13:03:08 +0100 |
---|---|---|
committer | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2017-01-16 13:03:08 +0100 |
commit | abb3a2b0a4ddebc00c6d779d458082799ab41b28 (patch) | |
tree | d1fbf45002e7359a8dbc6e4bad0e01d6cdb7e065 | |
parent | ef5677fb113673a84afb458ab35df6a01736433f (diff) | |
Allow standard ports when evaluating trusted URLs.
If a standard port is specified, then ignore it. Otherwise, include the port in the check so that non-standard ports must be whitelisted explicitly.
-rw-r--r-- | lib/SimpleSAML/Utils/HTTP.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 9f5a50e..1acdea6 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -323,8 +323,15 @@ class HTTP
 // validates the URL's host is among those allowed
 if (is_array($trustedSites)) {
 assert(is_array($trustedSites));
- preg_match('@^https?://([^/]+)@i', $url, $matches);
- $hostname = $matches[1];
+ preg_match('@^http(s?)://([^/:]+)((?::\d+)?)@i', $url, $matches);
+ $hostname = $matches[2];
+
+ // allow URLs with standard ports specified (non-standard ports must then be allowed explicitly)
+ if (!empty($matches[3]) &&
+ (($matches[1] === '' && $matches[3] !== ':80') || ($matches[1]) === 's' && $matches[3] !== ':443')
+ ) {
+ $hostname = $hostname.$matches[3];
+ }
 $self_host = self::getSelfHostWithNonStandardPort(); |
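Review bot: The new pattern ends the host capture at the first `:` and does not require the authority to end after the optional port, so for a URL whose userinfo part contains a colon the text before that colon becomes `$hostname` and is compared with `$trustedSites`, although a browser would connect to the host after the `@`; the old `([^/]+)` capture took the whole authority and so did not match a trusted entry in that case. The scheme comparison is also case-sensitive while the pattern carries the `i` flag: with an upper-case scheme `$matches[1]` is `'S'`, neither branch of the condition holds, and a non-standard port is dropped rather than kept for the check, unless the URL is lower-cased earlier in the function, which lies outside this hunk. I would anchor the end of the authority with `'@^http(s?)://([^/:]+)((?::\d+)?)(?=[/?#]|\z)@i'`, compare with `strtolower($matches[1]) === 's'`, and treat a `preg_match()` result other than 1 as "not allowed" instead of reading `$matches[2]` unconditionally. The mixed `||`/`&&` on the condition line would also read more safely with each scheme/port pair in its own parentheses.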