lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 17:44:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

DNS Rebind Check Case Sensitivity (#5484)

Browse Source
This commit is contained in:
NOYB 2022-01-17 23:40:15 -08:00 committed by GitHub
parent f59b712f68
commit f0235a79d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/etc/inc/authgui.inc
View File

@ -90,7 +90,7 @@ function check_security_dns_rebind()
}
if (is_ipaddr($http_host) || in_array($_SERVER['SERVER_ADDR'], ["127.0.0.1", "::1"])) {
return false;
} elseif (in_array($http_host, $this_host)) {
} elseif (in_array(strtolower($http_host), array_map('strtolower', $this_host))) {
return false;
}
return true;
@ -109,7 +109,7 @@ function check_security_http_referer_enforement()
$this_host = array_merge($this_host, explode(" ", $config['system']['webgui']['althostnames']));
}
if ($referrer_host) {
if (in_array($referrer_host, $this_host)) {
if (in_array(strtolower($referrer_host), array_map('strtolower', $this_host))) {
return false;
} elseif (isAuthLocalIP($referrer_host)) {
return false;