X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FCookie.php;h=cb041904b86decf7ecb8e4618a6b385436d7609c;hb=5ada6805d264034cc8b3811238403046d9b33c4b;hp=b8d34e23cfb05629bc72d331be5ab6cc6e9909c2;hpb=75e46771dc4a848ef116001a74c3c1a54c3af695;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Cookie.php b/includes/Cookie.php
index b8d34e23cf..cb041904b8 100644
--- a/includes/Cookie.php
+++ b/includes/Cookie.php
@@ -90,13 +90,16 @@ class Cookie {
 * @return bool
 */
 public static function validateCookieDomain( $domain, $originDomain = null ) {
- // Don't allow a trailing dot
- if ( substr( $domain, -1 ) == '.' ) {
+ $dc = explode( ".", $domain );
+
+ // Don't allow a trailing dot or addresses without a or just a leading dot
+ if ( substr( $domain, -1 ) == '.' ||
+ count( $dc ) <= 1 ||
+ count( $dc ) == 2 && $dc[0] === ''
+ ) {
 return false;
 }
 
- $dc = explode( ".", $domain );
-
 // Only allow full, valid IP addresses
 if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
 if ( count( $dc ) != 4 ) {
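Review bot: The new guard in validateCookieDomain() rejects an empty label only in the single shape `count( $dc ) == 2 && $dc[0] === ''`, so a domain containing an empty label elsewhere (for example consecutive dots) still passes this check. Whether later code catches that is not visible here, because the function body continues past the end of the hunk. If empty labels after an optional leading dot are never valid, one explicit test such as `in_array( '', array_slice( $dc, 1 ), true )` would cover them and the trailing-dot case together. The mixed `||` / `&&` condition also relies on operator precedence, and writing `( count( $dc ) == 2 && $dc[0] === '' )` would make the intent unambiguous. The comment is missing a word and would read better as `// Don't allow a trailing dot, a domain without any dot, or just a leading dot`.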