From 597d64c9194282f979e77ef74821c8120736217e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Wed, 5 Dec 2018 17:27:18 +0100
Subject: [PATCH] :ambulance: fix(CSRFProtection) Split HTTP_X_FORWARDED_HOST
 to take only the first value

If there are several proxies, it may contain several comma-separated
 values

issue #5935
---
 include/class_CSRFProtection.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/class_CSRFProtection.inc b/include/class_CSRFProtection.inc
index a2d814888..9c80b84e5 100644
--- a/include/class_CSRFProtection.inc
+++ b/include/class_CSRFProtection.inc
@@ -56,7 +56,8 @@ class CSRFProtection
       $origin = preg_replace('|^[^/]+://([^/]+)(/.*)?$|', '\1', $origin);
       $target = FALSE;
       if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
-        $target = $_SERVER['HTTP_X_FORWARDED_HOST'];
+        /* Only take the first value, there may be several separated by commas */
+        list($target) = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'], 2);
       } else
       if (!empty($_SERVER['HTTP_HOST'])) {
         $target = $_SERVER['HTTP_HOST'];
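Review bot: The first element taken from explode() on the new line is used without trimming, so a header such as `a.example.org , b.example.org` (whitespace before the comma, which some proxies emit) leaves `$target` with trailing whitespace, and the host comparison against `$origin` that presumably follows would then fail for a legitimate request; add `$target = trim($target);` after the `list()` assignment. The comment above it could also state why the first value is the one to use, e.g. `/* The first value is the host the client connected to; later values are appended by intermediate proxies */`. Since `HTTP_X_FORWARDED_HOST` is attacker-controllable unless a trusted reverse proxy overwrites it, the check only holds when the application is reachable exclusively through such a proxy, which is worth stating in the method's docblock. The enclosing method and the `CSRFProtection` class both start outside the hunk.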
-- 
GitLab