fix(FEC-12267): Fix XSS Vulnerability in mwEmbed - enforce valid domain format (#4266)

ignore non-valid hostname in HTTP_X_FORWARDED_HOST header (same regex as [the server](https://github.com/kaltura/server/blob/Rigel-18.6.0/infra/storage/file_transfer_managers/asperaMgr.class.php#L81))
yairans committed May 29, 2022
1 parent 0afca97 commit 13b8812
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions includes/DefaultSettings.php
Expand Up @@ -10,8 +10,12 @@
{
// support multiple hosts (comma separated) in HTTP_X_FORWARDED_HOST
$xForwardedHosts = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
$_SERVER["HTTP_HOST"] = $xForwardedHosts[0];
$_SERVER["SERVER_NAME"] = $xForwardedHosts[0];
$VALID_HOSTNAME_PATTERN = "/^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$/";
if (preg_match($VALID_HOSTNAME_PATTERN, $xForwardedHosts[0]) === 1)
{
$_SERVER["HTTP_HOST"] = $xForwardedHosts[0];
$_SERVER["SERVER_NAME"] = $xForwardedHosts[0];
}
}

// The default cache directory
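Review bot: the `$` anchor in `$VALID_HOSTNAME_PATTERN` still lets a value with a trailing newline through, because PCRE `$` also matches just before a final `\n`; use `\z` in place of `$` (or add the `D` modifier) so the `preg_match` check is strict. Two smaller points on the same `if`: `$xForwardedHosts[0]` is not trimmed, so a header like `a.example.com , b.example.com` now fails the check and the forwarded host is silently ignored (a `trim()` before matching would keep that case working), and the pattern has no allowance for a `:port` suffix, so any forwarded host carrying a port is dropped as well, which is a behaviour change worth stating in the commit message. Style-wise, `$VALID_HOSTNAME_PATTERN` becomes a global in DefaultSettings.php; a `define()` or `const` would avoid leaking it.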
