Merge branch '5935-fatal-error-due-to-crsf-security' into '1.4-dev'

Resolve "Fatal error due to CRSF security" See merge request fusiondirectory/fd!475

Merge branch '5935-fatal-error-due-to-crsf-security' into '1.4-dev'
Resolve "Fatal error due to CRSF security" See merge request fusiondirectory/fd!475
555e9489 · Côme Chilliet · f44c2b8b · 597d64c9 · 555e9489
Commit 555e9489 authored 6 years ago by Côme Chilliet
Hide whitespace changes
Inline Side-by-side

Showing

with 2 additions and 1 deletion
+2 -1
--- a/include/class_CSRFProtection.inc
+++ b/include/class_CSRFProtection.inc
@@ -56,7 +56,8 @@ class CSRFProtection
      $origin = preg_replace('|^[^/]+://([^/]+)(/.*)?$|', '\1', $origin);
      $target = FALSE;
      if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
-        $target = $_SERVER['HTTP_X_FORWARDED_HOST'];
+        /* Only take the first value, there may be several separated by commas */
+        list($target) = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'], 2);
      } else
      if (!empty($_SERVER['HTTP_HOST'])) {
        $target = $_SERVER['HTTP_HOST'];