From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 8 Dec 2014 15:43:50 +0000 (-0500)
Subject: SECURITY: Fix CORS origin matching in the API
X-Git-Tag: 1.31.0-rc.0~12934
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/bilan.php?a=commitdiff_plain;h=5c352eaf09e6932f00b3f2d6ea085b07cdd0feed;p=lhc%2Fweb%2Fwiklou.git

SECURITY: Fix CORS origin matching in the API

Bug: T77028
Change-Id: I68c1ee5b5a048af2aba4e710bc301b09748389bf
---

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 81353f64b1..c03e513779 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -575,7 +575,7 @@ class ApiMain extends ApiBase {
 			$wildcard
 		);
 
-		return "/https?:\/\/$wildcard/";
+		return "/^https?:\/\/$wildcard$/";
 	}
 
 	protected function sendCacheHeaders() {