Accept optional leading slash

LimeSurvey · Nov 4, 2023 · 22ffba6 · 22ffba6
1 parent ae12ad1
commit 22ffba6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/application/core/LSHttpRequest.php b/application/core/LSHttpRequest.php
@@ -264,6 +264,6 @@ public static function routeMatchesNoCsrfValidationRule($route, $rule)
         // For example the routes "rest" (in the case of "index.php/rest?...") or "rest/..." (in the case of
         // "index.php/rest/...") should be matched by the rule "rest", but the route "admin/menus/sa/restore"
         // should not.
-        return preg_match('#^' . $rule . '$|^' . $rule . '/#', (string) $route);
+        return preg_match('#/?(^' . $rule . '$)|(^' . $rule . '/)#', (string) $route);
     }
 }
diff --git a/tests/unit/CsrfHttpRequestTest.php b/tests/unit/CsrfHttpRequestTest.php
@@ -43,6 +43,7 @@ public function testRemoteControlRoutesSkipCsrfValidation()
         $routes = array(
             'admin/remotecontrol/actionOnItemById/15',
             'admin/remotecontrol/action',
+            '/admin/remotecontrol',
         );
 
         foreach ($routes as $route) {