chore: add domain check to avoid introducing CVE-2018-1000007 in work…

…around
oat-sa · Feb 5, 2024 · 77cf4d6 · 77cf4d6
1 parent 9ebef12
commit 77cf4d6
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/common/http/class.Request.php b/common/http/class.Request.php
@@ -256,13 +256,20 @@ public function send(bool $followRedirects = false): common_http_Response
         $httpResponse->responseData = $responseData;
 
         $redirectUrl = curl_getinfo($curlHandler, CURLINFO_REDIRECT_URL);
+        $sameDomain = null;
+        if ($redirectUrl) {
+            $initialDomain = parse_url($this->getUrl(), PHP_URL_HOST);
+            $redirectDomain = parse_url($redirectUrl, PHP_URL_HOST);
+
+            $sameDomain = ($initialDomain === $redirectDomain);
+        }
 
         //curl_setopt($curlHandler, );
         curl_close($curlHandler);
 
         if (
             $followRedirects
-            && $redirectUrl
+            && $sameDomain
             && in_array($httpResponse->httpCode, self::REDIRECT_CODES, true)
         ) {
             $this->url = $redirectUrl;