Merge "Remove Preferences::trySetUserEmail (deprecated 1.20)"

[lhc/web/wiklou.git] / includes / Cookie.php

diff --git a/includes/Cookie.php b/includes/Cookie.php
index b8d34e2..cb04190 100644 (file)
--- a/includes/Cookie.php
+++ b/includes/Cookie.php
@@ -90,13 +90,16 @@ class Cookie {
         * @return bool
         */
        public static function validateCookieDomain( $domain, $originDomain = null ) {
-               // Don't allow a trailing dot
-               if ( substr( $domain, -1 ) == '.' ) {
+               $dc = explode( ".", $domain );
+
+               // Don't allow a trailing dot or addresses without a or just a leading dot
+               if ( substr( $domain, -1 ) == '.' ||
+                       count( $dc ) <= 1 ||
+                       count( $dc ) == 2 && $dc[0] === ''
+               ) {
                        return false;
                }
 
-               $dc = explode( ".", $domain );
-
                // Only allow full, valid IP addresses
                if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
                        if ( count( $dc ) != 4 ) {