SECURITY: Fix CORS origin matching in the API

author Brad Jorsch <bjorsch@wikimedia.org>

Mon, 8 Dec 2014 15:43:50 +0000 (10:43 -0500)

committer mglaser <glaser@hallowelt.biz>

Wed, 17 Dec 2014 18:27:33 +0000 (19:27 +0100)
author Brad Jorsch <bjorsch@wikimedia.org>
Mon, 8 Dec 2014 15:43:50 +0000 (10:43 -0500)
committer mglaser <glaser@hallowelt.biz>
Wed, 17 Dec 2014 18:27:33 +0000 (19:27 +0100)
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php

index 81353f6..c03e513 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -575,7 +575,7 @@ class ApiMain extends ApiBase {
                         $wildcard
                 );
  
-               return "/https?:\/\/$wildcard/";
+               return "/^https?:\/\/$wildcard$/";
         }
  
         protected function sendCacheHeaders() {
author	Brad Jorsch <bjorsch@wikimedia.org>
	Mon, 8 Dec 2014 15:43:50 +0000 (10:43 -0500)
committer	mglaser <glaser@hallowelt.biz>
	Wed, 17 Dec 2014 18:27:33 +0000 (19:27 +0100)