From b2d580f3c93519ceb72eeaf39e64546bdbcb7f6f Mon Sep 17 00:00:00 2001
From: Dan Stillman <dstillman@zotero.org>
Date: Thu, 13 Oct 2016 01:16:01 -0400
Subject: [PATCH] Fix Host check regexp from 10ad4c337 (And don't allow 127.0.0.1.evil.com)
---
 chrome/content/zotero/xpcom/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chrome/content/zotero/xpcom/server.js b/chrome/content/zotero/xpcom/server.js
index e0f49d80a7..e667ca1f19 100755
--- a/chrome/content/zotero/xpcom/server.js
+++ b/chrome/content/zotero/xpcom/server.js
@@ -237,7 +237,7 @@ Zotero.Server.DataListener.prototype._headerFinished = function() {
 Zotero.debug(this.header, 5);
 const methodRe = /^([A-Z]+) ([^ \r\n?]+)(\?[^ \r\n]+)?/;
- const hostRe = /[\r\n]Host: *127\.0\.0\.1(:[0-9]+)?([^ \r\n]+)/i;
+ const hostRe = /[\r\n]Host: *127\.0\.0\.1(:[0-9]+)?[\r\n]/i;
 const contentTypeRe = /[\r\n]Content-Type: *([^ \r\n]+)/i;
 if(!Zotero.isServer) {
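Review bot: The closing `[\r\n]` on the new `hostRe` is what makes this check hold, and the line carries no comment saying so; I would add `// Host must be exactly 127.0.0.1 plus an optional :port; the closing [\r\n] is what rejects 127.0.0.1.evil.com` above it so a later edit does not loosen the tail again. The pattern is searched for anywhere in the header text, so it is satisfied if any one `Host:` line matches; if `this.header` can carry more than one Host line, the stricter check is to require exactly one, though how `hostRe` is applied lies outside this hunk and that may already be handled. Only spaces are accepted after the colon and nothing between the address and the line end, which fails closed and is the safe direction. `_headerFinished` starts before and continues past the hunk, so the regexp's call site is not visible here.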