* @todo fixme fails to detect 2-letter top-level domains for single-domain use (probably
* not a big problem in practice, but there are test cases)
*
- * @param string $domain the domain to validate
+ * @param string $domain The domain to validate
* @param string $originDomain (optional) the domain the cookie originates from
- * @return Boolean
+ * @return bool
*/
public static function validateCookieDomain( $domain, $originDomain = null ) {
- // Don't allow a trailing dot
- if ( substr( $domain, -1 ) == '.' ) {
+ $dc = explode( ".", $domain );
+
+ // Don't allow a trailing dot or addresses without a or just a leading dot
+ if ( substr( $domain, -1 ) == '.' ||
+ count( $dc ) <= 1 ||
+ count( $dc ) == 2 && $dc[0] === '' ) {
return false;
}