Sanitize CORS value before insert

2021-10-07 19:04:01 +02:00 · 2021-10-07 19:04:01 +02:00 · 46685f45aa
parent 5a8e26c534
commit 46685f45aa
1 changed files with 10 additions and 1 deletions
--- a/airtime_mvc/application/models/Preference.php
+++ b/airtime_mvc/application/models/Preference.php
@ -1556,7 +1556,16 @@ class Application_Model_Preference
     * @param string $value
     * @return void
     */
-    public static function SetAllowedCorsUrls($value) {
+    public static function SetAllowedCorsUrls($value)
+    {
+        // Trim and strip trailing slash for each entry
+        $value = implode(PHP_EOL, array_map(
+            function ($v) {
+                return rtrim(trim($v), '/');
+            },
+            explode(PHP_EOL, $value)
+        ));
+
        self::setValue('allowed_cors_urls', $value);
    }