diff --git a/config/config.sample.php b/config/config.sample.php
index 21e8e55069e94632a924acb004ec05caa25a0b2c..9c938eedd6065ec97d2e8eb9673bc11271bf9583 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -58,6 +58,12 @@ $CONFIG = array(
  * Your list of trusted domains that users can log into. Specifying trusted
  * domains prevents host header poisoning. Do not remove this, as it performs
  * necessary security checks.
+ * You can specify:
+ * - the exact hostname of your host or virtual host, e.g. demo.example.org.
+ * - the exact hostname with permitted port, e.g. demo.example.org:443.
+ *   This disallows all other ports on this host
+ * - use * as a wildcard, e.g. ubos-raspberry-pi*.local will allow
+ *   ubos-raspberry-pi.local and ubos-raspberry-pi-2.local
  */
 'trusted_domains' =>
   array (
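Review bot: The new wildcard bullet does not say how far `*` reaches. In the matcher added to `TrustedDomainHelper.php` by this commit it stands for any run of letters, digits, `-` and `.`, including none, so it can span several labels. A pattern that ends in `*` therefore trusts hosts under an unrelated parent domain, which weakens the host-header check this option exists for. I would add a line to the comment such as ` *   Note: * also matches dots; keep the domain suffix fixed and avoid a trailing *.` The `$CONFIG` array starts above the hunk and continues below it.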
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 75407ae39390a02eb7f183927e98e5f4b1396165..cf4def63dd3e105239d67b044f6690690ca935c6 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -70,7 +70,7 @@ class TrustedDomainHelper {
 
 		// Read trusted domains from config
 		$trustedList = $this->config->getSystemValue('trusted_domains', []);
-		if(!is_array($trustedList)) {
+		if (!is_array($trustedList)) {
 			return false;
 		}
 
@@ -78,13 +78,20 @@ class TrustedDomainHelper {
 		if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) {
 			return true;
 		}
-
-		// Compare with port appended
-		if(in_array($domainWithPort, $trustedList, true)) {
-			return true;
+		// Reject misformed domains in any case
+		if (strpos($domain,'-') === 0 || strpos($domain,'..') !== false) {
+			return false;
 		}
-
-		return in_array($domain, $trustedList, true);
+		// Match, allowing for * wildcards
+		foreach ($trustedList as $trusted) {
+			if (gettype($trusted) !== 'string') {
+				break;
+			}
+			$regex = '/^' . join('[-\.a-zA-Z0-9]*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/';
+			if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
+ 				return true;
+ 			}
+ 		}
+ 		return false;
 	}
-
 }
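Review bot: In the new `foreach`, a non-string entry in `trusted_domains` hits `break`, which ends the scan, so every valid pattern listed after it is never tried; `if (gettype($trusted) !== 'string') { continue; }` would skip only the bad entry. This fails closed, so it is an availability problem rather than a bypass, but it makes the result depend on list order. Separately, the built pattern ends in `$` without the `D` modifier, and in PCRE that also matches just before a trailing newline. Closing it with `'$/D'` keeps the anchor strict, should `$domain` ever carry one; the hunk does not show where `$domain` is derived. The lines from `return true;` to `return false;` are also indented with a space before the tabs, and the method starts above the hunk.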
diff --git a/tests/lib/Security/TrustedDomainHelperTest.php b/tests/lib/Security/TrustedDomainHelperTest.php
index dfd51167ccaa67ac8623cd3e45e73b31be3de2ff..1beb7a667179533283bd78381686557b0c53f10b 100644
--- a/tests/lib/Security/TrustedDomainHelperTest.php
+++ b/tests/lib/Security/TrustedDomainHelperTest.php
@@ -49,6 +49,11 @@ class TrustedDomainHelperTest extends \Test\TestCase {
 			'host.two.test',
 			'[1fff:0:a88:85a3::ac1f]',
 			'host.three.test:443',
+			'*.leading.host',
+			'trailing.host*',
+			'cen*ter',
+			'*.leadingwith.port:123',
+			'trailingwith.port*:456',
 		];
 		return [
 			// empty defaults to false with 8.1
@@ -76,7 +81,31 @@ class TrustedDomainHelperTest extends \Test\TestCase {
 			[$trustedHostTestList, 'localhost: evil.host', false],
 			// do not trust casting
 			[[1], '1', false],
+			// leading *
+			[$trustedHostTestList, 'abc.leading.host', true],
+			[$trustedHostTestList, 'abc.def.leading.host', true],
+			[$trustedHostTestList, 'abc.def.leading.host.another', false],
+			[$trustedHostTestList, 'abc.def.leading.host:123', true],
+			[$trustedHostTestList, 'leading.host', false],
+			// trailing *
+			[$trustedHostTestList, 'trailing.host', true],
+			[$trustedHostTestList, 'trailing.host.abc', true],
+			[$trustedHostTestList, 'trailing.host.abc.def', true],
+			[$trustedHostTestList, 'trailing.host.abc:123', true],
+			[$trustedHostTestList, 'another.trailing.host', false],
+			// center *
+			[$trustedHostTestList, 'center', true],
+			[$trustedHostTestList, 'cenxxxter', true],
+			[$trustedHostTestList, 'cen.x.y.ter', true],
+			// with port
+			[$trustedHostTestList, 'abc.leadingwith.port:123', true],
+			[$trustedHostTestList, 'abc.leadingwith.port:1234', false],
+			[$trustedHostTestList, 'trailingwith.port.abc:456', true],
+			[$trustedHostTestList, 'trailingwith.port.abc:123', false],
+			// bad hostname
+			[$trustedHostTestList, '-bad', false],
+			[$trustedHostTestList, '-bad.leading.host', false],
+			[$trustedHostTestList, 'bad..der.leading.host', false],
 		];
 	}
-
 }
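Review bot: None of the added rows puts a non-string entry ahead of a valid one, so the `break` in the new matching loop is not covered; `[[1], '1', false]` only shows that a lone integer is not cast. A row such as `[[1, 'host.two.test'], 'host.two.test', true]` would pin whether later entries are still honoured. The `trailing.host.abc` and `trailing.host.abc.def` rows assert that a trailing `*` accepts additional labels, so a comment like `// trailing * also matches further labels; intended` would record that this breadth is deliberate. The data provider method starts above the hunk.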