From f0235a79d058a7a8099e28e731369c62e9ec8fcd Mon Sep 17 00:00:00 2001
From: NOYB <1977521+NOYB@users.noreply.github.com>
Date: Mon, 17 Jan 2022 23:40:15 -0800
Subject: [PATCH] DNS Rebind Check Case Sensitivity (#5484)

---
 src/etc/inc/authgui.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index bf9f498cf..141506acf 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -90,7 +90,7 @@ function check_security_dns_rebind()
         }
         if (is_ipaddr($http_host) || in_array($_SERVER['SERVER_ADDR'], ["127.0.0.1", "::1"])) {
             return false;
-        } elseif (in_array($http_host, $this_host)) {
+        } elseif (in_array(strtolower($http_host), array_map('strtolower', $this_host))) {
             return false;
         }
         return true;
@@ -109,7 +109,7 @@ function check_security_http_referer_enforement()
             $this_host = array_merge($this_host, explode(" ", $config['system']['webgui']['althostnames']));
         }
         if ($referrer_host) {
-            if (in_array($referrer_host, $this_host)) {
+            if (in_array(strtolower($referrer_host), array_map('strtolower', $this_host))) {
                 return false;
             } elseif (isAuthLocalIP($referrer_host)) {
                 return false;