From 343ee2ae7b72c95bd34b4921f77a4959ce7ebf2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Wed, 5 Dec 2018 16:39:04 +0000
Subject: [PATCH] Merge branch '5935-fatal-error-due-to-crsf-security' into
 '1.4-dev'

Resolve "Fatal error due to CRSF security"

See merge request fusiondirectory/fd!475

(cherry picked from commit 555e9489078821102fdee3893331a1841441e32d)

597d64c9 :ambulance: fix(CSRFProtection) Split HTTP_X_FORWARDED_HOST to take only the first value
---
 include/class_CSRFProtection.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/class_CSRFProtection.inc b/include/class_CSRFProtection.inc
index 3ab2b6a5f..27a63f8ef 100644
--- a/include/class_CSRFProtection.inc
+++ b/include/class_CSRFProtection.inc
@@ -56,7 +56,8 @@ class CSRFProtection
       $origin = preg_replace('|^[^/]+://([^/]+)(/.*)?$|', '\1', $origin);
       $target = FALSE;
       if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
-        $target = $_SERVER['HTTP_X_FORWARDED_HOST'];
+        /* Only take the first value, there may be several separated by commas */
+        list($target) = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'], 2);
       } else
       if (!empty($_SERVER['HTTP_HOST'])) {
         $target = $_SERVER['HTTP_HOST'];
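Review bot: The first comma-separated value is taken verbatim, so a proxy that joins values with `", "` (common) leaves `$target` with surrounding whitespace and the later comparison against `$origin` would presumably fail for exactly the case this commit targets; trim it: `list($target) = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'], 2); $target = trim($target);`. Separately, `X-Forwarded-Host` is client-supplied unless a reverse proxy in front of the application is known to set or overwrite it, so preferring it over `HTTP_HOST` with no trusted-proxy check means the value the CSRF origin check is compared against can be influenced by whoever reaches the app directly; a comment stating that assumption, e.g. `/* Assumes a trusted reverse proxy sets X-Forwarded-Host; clients reaching PHP directly can forge it */`, would help operators who expose the app without a proxy. The enclosing method starts and ends outside this hunk, so I cannot see how `$target` is compared with `$origin` and whether a port or case difference is normalised there.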
-- 
GitLab