fix: address security review findings
This commit is contained in:
+31
-1
@@ -153,7 +153,7 @@ final class Settings
|
||||
*/
|
||||
public function trustedProxies(): array
|
||||
{
|
||||
return $this->csvHosts('MAIL_LOGIN_TRUSTED_PROXIES');
|
||||
return $this->csvNetworks('MAIL_LOGIN_TRUSTED_PROXIES');
|
||||
}
|
||||
|
||||
public function sshHost(): string
|
||||
@@ -226,6 +226,36 @@ final class Settings
|
||||
return array_values(array_unique($out));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
private function csvNetworks(string $key): array
|
||||
{
|
||||
$raw = $this->getString($key, '');
|
||||
if ($raw === '') {
|
||||
return [];
|
||||
}
|
||||
$out = [];
|
||||
foreach (explode(',', $raw) as $item) {
|
||||
$item = trim($item);
|
||||
if ($item === '') {
|
||||
continue;
|
||||
}
|
||||
if (str_contains($item, '/')) {
|
||||
[$ip, $prefix] = explode('/', $item, 2);
|
||||
if (filter_var($ip, FILTER_VALIDATE_IP) && preg_match('/^[0-9]+$/', $prefix)) {
|
||||
$out[] = $ip . '/' . $prefix;
|
||||
}
|
||||
} else {
|
||||
$host = self::normalizeHost($item);
|
||||
if ($host !== '') {
|
||||
$out[] = $host;
|
||||
}
|
||||
}
|
||||
}
|
||||
return array_values(array_unique($out));
|
||||
}
|
||||
|
||||
private function validate(): void
|
||||
{
|
||||
$ttlRaw = $this->getString('LOGIN_KEY_TTL', '');
|
||||
|
||||
Reference in New Issue
Block a user