diff options
| author | wn_ <[email protected]> | 2017-04-23 13:55:14 -0500 |
|---|---|---|
| committer | wn_ <[email protected]> | 2017-04-23 15:13:07 -0500 |
| commit | f2fbb4ee7ef1c3cafefc7c78f57b685644996667 (patch) | |
| tree | 78ef159b6b4740264185a4f192c16a3337ef0c5c /plugins | |
| parent | ed0f2a6c974987033f0400924a7d328f92fe096d (diff) | |
Compare end of domains when checking known SSL whitelist.
For example: "imgur.com.mysite.com" should not match the "imgur.com" whitelist entry.
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/af_zz_imgproxy/init.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php index 5fab3b7b8..8419b8a87 100644 --- a/plugins/af_zz_imgproxy/init.php +++ b/plugins/af_zz_imgproxy/init.php @@ -124,7 +124,7 @@ class Af_Zz_ImgProxy extends Plugin { $parts = parse_url($url); foreach (explode(" " , $this->ssl_known_whitelist) as $host) { - if (strpos($parts['host'], $host) !== FALSE) { + if (substr(strtolower($parts['host']), -strlen($host)) === strtolower($host)) { $parts['scheme'] = 'https'; return build_url($parts); |