From 6cb72fcb7dddc5a21417ab0c032577844eccff52 Mon Sep 17 00:00:00 2001
From: mattab <matthieu.aubry@gmail.com>
Date: Wed, 8 Jul 2015 12:08:20 +0200
Subject: [PATCH] Fixes #8290 escape trusted hosts before calling preg_match to
 prevent PHP warning

---
 core/Url.php                   | 3 +++
 tests/PHPUnit/Unit/UrlTest.php | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/core/Url.php b/core/Url.php
index 3e38b4718a..7578088de4 100644
--- a/core/Url.php
+++ b/core/Url.php
@@ -240,9 +240,12 @@ class Url
             return true;
         }
 
+        // Escape trusted hosts for preg_match call below
         foreach ($trustedHosts as &$trustedHost) {
             $trustedHost = preg_quote($trustedHost);
         }
+        $trustedHosts = str_replace("/", "\\/", $trustedHosts);
+
         $untrustedHost = Common::mb_strtolower($host);
         $untrustedHost = rtrim($untrustedHost, '.');
 
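Review bot: The escaping here takes two passes, `preg_quote($trustedHost)` in the loop and then `str_replace("/", "\\/", $trustedHosts)`, where passing the delimiter to preg_quote does it in one: `$trustedHost = preg_quote($trustedHost, '/');`. That ties the quoting to the delimiter of the preg_match call, which lies outside this hunk and is presumably `/`. The by-reference loop variable also stays bound to the last array element after the loop, so an `unset($trustedHost);` right after the closing brace would guard against a later accidental write. Since this check decides which Host values are accepted, the new comment could also say that entries are matched as literal hostnames and that an entry containing a path is not expected to match, as the added tests suggest.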
diff --git a/tests/PHPUnit/Unit/UrlTest.php b/tests/PHPUnit/Unit/UrlTest.php
index 9ad2571be6..3153e43acc 100644
--- a/tests/PHPUnit/Unit/UrlTest.php
+++ b/tests/PHPUnit/Unit/UrlTest.php
@@ -231,6 +231,8 @@ class UrlTest extends \PHPUnit_Framework_TestCase
             array(false, 'www.example.com:8080', array('example.com'), 'host:port is valid'),
             array(true, 'www.example.com:8080', array('example.com:8080'), 'host:port is valid'),
             array(false, 'www.whatever.com', array('*.whatever.com'), 'regex char is escaped'),
+            array(false, 'www.whatever.com', array('www.whatever.com/abc'), 'with path starting with /a does not throw error'),
+            array(false, 'www.whatever.com', array('www.whatever.com/path/here'), 'with path starting with /p does not throw error'),
         );
     }
 
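Review bot: Both added cases expect `false`, which is probably also what the unpatched code returned once preg_match failed on the unescaped `/`, so the asserted value alone may not catch a regression. The cases appear to depend on PHPUnit turning the PHP warning into a test failure. A comment above them such as `// fails only because PHPUnit converts the preg_match warning into an exception` would record that dependency. The data provider method starts outside the hunk.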
-- 
GitLab