kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-31 10:47:00 +00:00
Code Issues Projects Releases Wiki Activity

Add host header validation

Browse Source
This commit is contained in:
James Cole
2024-02-17 08:18:49 +01:00
parent b37b5b86d4
commit 997dc3814b
3 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/Http/Controllers/Auth/ForgotPasswordController.php
View File

@@ -68,6 +68,9 @@ class ForgotPasswordController extends Controller
return view('error', compact('message'));
}
// validate host header.
$this->validateHost();
$this->validateEmail($request);
// verify if the user is not a demo user. If so, we give him back an error.
@@ -118,4 +121,19 @@ class ForgotPasswordController extends Controller
return view('auth.passwords.email')->with(compact('allowRegistration', 'pageTitle'));
}
/**
* @return void
* @throws FireflyException
*/
private function validateHost(): void {
$configuredHost = parse_url((string)config('app.url'), PHP_URL_HOST);
if(false === $configuredHost || null === $configuredHost) {
throw new FireflyException('Please set a valid and correct Firefly III URL in the APP_URL environment variable.');
}
$host = request()->host();
if($configuredHost !== $host) {
throw new FireflyException('The Host-header does not match the host in the APP_URL environment variable. Please make sure these match. See also: https://bit.ly/FF3-host-header');
}
}
}