diff options
author | smos <seth.mos@dds.nl> | 2011-08-21 13:03:50 +0200 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2011-08-21 13:03:50 +0200 |
commit | 4cf79fdd9b71f2b597a799aef6721511d1baa4de (patch) | |
tree | f5361a4b066985235f70bb0e7842d808e9f148c3 /etc/inc/auth.inc | |
parent | 385ed7d0a73b0263794d361e6b0431db3afa3ded (diff) | |
download | pfsense-4cf79fdd9b71f2b597a799aef6721511d1baa4de.zip pfsense-4cf79fdd9b71f2b597a799aef6721511d1baa4de.tar.gz |
Fix the DNS rebind Check for IPv6 addresses Ticket #1583
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r-- | etc/inc/auth.inc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 15bf2e2..7ad5291 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -58,14 +58,15 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */ $found_host = false; - if(strstr($_SERVER['HTTP_HOST'], ":")) { - $http_host_port = explode(":", $_SERVER['HTTP_HOST']); + /* Either a IPv6 address with or without a alternate port */ + if(strstr($_SERVER['HTTP_HOST'], "]")) { + $http_host_port = explode("]", $_SERVER['HTTP_HOST']); /* v6 address has more parts, drop the last part */ if(count($http_host_port) > 1) { array_pop($http_host_port); $http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port)); } else { - $http_host = $http_host_port[0]; + $http_host = str_replace(array("[", "]"), "", implode(":", $http_host_port)); } } else { $http_host = $_SERVER['HTTP_HOST']; |