MDL-50688 lib: fix local url validation bug

Change-Id: I350bb8c9ace5cc0403f083f728c100097be7aa7e
Reviewed-on: https://review.totaralms.com/8101
Tested-by: Jenkins Automation <jenkins@totaralms.com>
Reviewed-by: Sam Hemelryk <sam.hemelryk@totaralms.com>
Reviewed-by: Alastair Munro <alastair.munro@totaralms.com>
Petr Skoda 2015-06-15 10:20:12 +12:00 committed by Eloy Lafuente (stronk7)
parent 489878ad09
commit 5c1f41f058


@ -1033,11 +1033,15 @@ function clean_param($param, $type) {
// Simulate the HTTPS version of the site.
$httpswwwroot = str_replace('http://', 'https://', $CFG->wwwroot);
if (preg_match(':^/:', $param)) {
if ($param === $CFG->wwwroot) {
// Exact match;
} else if (!empty($CFG->loginhttps) && $param === $httpswwwroot) {
// Exact match;
} else if (preg_match(':^/:', $param)) {
// Root-relative, ok!
} else if (preg_match('/^' . preg_quote($CFG->wwwroot, '/') . '/i', $param)) {
} else if (preg_match('/^' . preg_quote($CFG->wwwroot . '/', '/') . '/i', $param)) {
// Absolute, and matches our wwwroot.
} else if (!empty($CFG->loginhttps) && preg_match('/^' . preg_quote($httpswwwroot, '/') . '/i', $param)) {
} else if (!empty($CFG->loginhttps) && preg_match('/^' . preg_quote($httpswwwroot . '/', '/') . '/i', $param)) {
// Absolute, and matches our httpswwwroot.
} else {
// Relative - let's make sure there are no tricks.
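Review bot: The root-relative branch `preg_match(':^/:', $param)` accepts any value that begins with a slash, which would include the scheme-relative form `//host/path` that browsers resolve against a different host. Whether the cleaning that runs before this chain already rejects that form cannot be seen here, because clean_param's body starts and ends outside the hunk. If it does not, requiring a single leading slash would close the gap, for example `} else if (preg_match(':^/(?!/):', $param)) {`. The two prefix branches would also benefit from a comment saying why the slash is appended, such as `// Trailing slash anchors the match at the host boundary, so a longer hostname that merely starts with wwwroot is not treated as local.`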