diff options
| author | Matthieu Aubry <matt@piwik.org> | 2015-07-08 13:26:19 +0300 |
|---|---|---|
| committer | Matthieu Aubry <matt@piwik.org> | 2015-07-08 13:26:19 +0300 |
| commit | d27091b8868f523a5db2da69c57b38e61bf1ef18 (patch) | |
| tree | 813e5ef1692611cf4c58fc55a131ff0f0f149ffa | |
| parent | aa6fbd34fbc05e6f97d25a38b7a65fc73573b475 (diff) | |
| parent | 6cb72fcb7dddc5a21417ab0c032577844eccff52 (diff) | |
Merge pull request #8291 from piwik/8290
escape trusted hosts before calling preg_match to prevent PHP warning
| -rw-r--r-- | core/Url.php | 3 | ||||
| -rw-r--r-- | tests/PHPUnit/Unit/UrlTest.php | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/core/Url.php b/core/Url.php index 3e38b4718a..7578088de4 100644 --- a/core/Url.php +++ b/core/Url.php @@ -240,9 +240,12 @@ class Url return true; } + // Escape trusted hosts for preg_match call below foreach ($trustedHosts as &$trustedHost) { $trustedHost = preg_quote($trustedHost); } + $trustedHosts = str_replace("/", "\\/", $trustedHosts); + $untrustedHost = Common::mb_strtolower($host); $untrustedHost = rtrim($untrustedHost, '.'); diff --git a/tests/PHPUnit/Unit/UrlTest.php b/tests/PHPUnit/Unit/UrlTest.php index 9ad2571be6..3153e43acc 100644 --- a/tests/PHPUnit/Unit/UrlTest.php +++ b/tests/PHPUnit/Unit/UrlTest.php @@ -231,6 +231,8 @@ class UrlTest extends \PHPUnit_Framework_TestCase array(false, 'www.example.com:8080', array('example.com'), 'host:port is valid'), array(true, 'www.example.com:8080', array('example.com:8080'), 'host:port is valid'), array(false, 'www.whatever.com', array('*.whatever.com'), 'regex char is escaped'), + array(false, 'www.whatever.com', array('www.whatever.com/abc'), 'with path starting with /a does not throw error'), + array(false, 'www.whatever.com', array('www.whatever.com/path/here'), 'with path starting with /p does not throw error'), ); } |