Security Fix (#37675)

0xcrypto · web-flow · commit c50087d457d3 · 2021-06-13T10:47:49.000-05:00
Fixed dns_get_record loose check of A records for active_url rule. Tested on Laravel v8.46.0, PHP v8.0.7. This patch is related to security issue I reported at https://huntr.dev/bounties/2-laravel/framework/.
diff --git a/src/Illuminate/Validation/Concerns/ValidatesAttributes.php b/src/Illuminate/Validation/Concerns/ValidatesAttributes.php
@@ -59,7 +59,7 @@ public function validateActiveUrl($attribute, $value)
 
         if ($url = parse_url($value, PHP_URL_HOST)) {
             try {
-                return count(dns_get_record($url, DNS_A | DNS_AAAA)) > 0;
+                return count(dns_get_record($url.'.', DNS_A | DNS_AAAA)) > 0;
             } catch (Exception $e) {
                 return false;
             }

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ public function validateActiveUrl($attribute, $value)`
`59`	`59`
`60`	`60`	`if ($url = parse_url($value, PHP_URL_HOST)) {`
`61`	`61`	`try {`
`62`		`- return count(dns_get_record($url, DNS_A \| DNS_AAAA)) > 0;`
	`62`	`+ return count(dns_get_record($url.'.', DNS_A \| DNS_AAAA)) > 0;`
`63`	`63`	`} catch (Exception $e) {`
`64`	`64`	`return false;`
`65`	`65`	`}`