webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-06 12:02:45 +03:00
Code Activity

SSR: Updated allow list handling & covered webhook usage

Browse Source 
- Covered webhook SSR allow list useage via test.
- Updated allow list handling to use trailing slash, or hash, or end of
  line as late anchor for better handling for hosts (prevent .co.uk
passing for .co domain host)
This commit is contained in:
Dan Brown
2023-08-26 20:13:37 +01:00
parent c324ad928d
commit 903895814a
3 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/Unit/SsrUrlValidatorTest.php
View File

@@ -25,6 +25,9 @@ class SsrUrlValidatorTest extends TestCase
['config' => 'https://*.example.com', 'url' => 'https://test.example.com', 'result' => true],
['config' => '*//example.com', 'url' => 'https://example.com', 'result' => true],
['config' => '*//example.com', 'url' => 'http://example.com', 'result' => true],
['config' => '*//example.co', 'url' => 'http://example.co.uk', 'result' => false],
['config' => '*//example.co/bookstack', 'url' => 'https://example.co/bookstack/a/path', 'result' => true],
['config' => '*//example.co*', 'url' => 'https://example.co.uk/bookstack/a/path', 'result' => true],
['config' => 'https://example.com', 'url' => 'https://example.com/a/b/c?test=cat', 'result' => true],
['config' => 'https://example.com', 'url' => 'https://example.co.uk', 'result' => false],