From f5c6285240ec124bded37705382b419150ddceda Mon Sep 17 00:00:00 2001 From: Fred Condo Date: Fri, 3 May 2013 16:07:25 -0700 Subject: [PATCH] Anchor regex in Director#is_absolute_url() - Anchor the regex to the beginning of the string - Change the regex delimiter to reduce the amount of \ clutter --- control/Director.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/control/Director.php b/control/Director.php index 7f1d9f5b5..d63ffde35 100644 --- a/control/Director.php +++ b/control/Director.php @@ -579,7 +579,7 @@ class Director implements TemplateGlobalProvider { // Check for more than one leading slash without a protocol. // While not a RFC compliant absolute URL, it is completed to a valid URL by some browsers, // and hence a potential security risk. Single leading slashes are not an issue though. - || preg_match('/\s*[\/]{2,}/', $url) + || preg_match('%^\s*/{2,}%', $url) || ( // If a colon is found, check if it's part of a valid scheme definition // (meaning its not preceded by a slash).