Skip to content
Permalink
Browse files

Fixes U4-7457 Server side request forgery (xsrf) in feedproxy.aspx

  • Loading branch information...
Shazwazza committed Nov 25, 2015
1 parent a02b41e commit 924a016ffe7ae7ea6d516c07a7852f0095eddbce
Showing with 3 additions and 1 deletion.
  1. +3 −1 src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
@@ -27,7 +27,9 @@ protected void Page_Load(object sender, EventArgs e)
if (Uri.TryCreate(url, UriKind.Absolute, out requestUri))
{
var feedProxyXml = xmlHelper.OpenAsXmlDocument(IOHelper.MapPath(SystemFiles.FeedProxyConfig));
if (feedProxyXml != null && feedProxyXml.SelectSingleNode(string.Concat("//allow[@host = '", requestUri.Host, "']")) != null)
if (feedProxyXml != null
&& feedProxyXml.SelectSingleNode(string.Concat("//allow[@host = '", requestUri.Host, "']")) != null
&& requestUri.Port == 80)
{
using (var client = new WebClient())
{

0 comments on commit 924a016

Please sign in to comment.
You can’t perform that action at this time.