From 1fce0ea1a844cf2831a9934bd951e8d1d3f4aaca Mon Sep 17 00:00:00 2001
From: Jonathan Rainier <jonathan@rainier.tech>
Date: Wed, 22 Feb 2023 20:02:25 -0500
Subject: [PATCH] fix vulnerability with http domain filter checks

- requires the domain uuid and host request domain uuid match if http_domain_filter is enabled
---
 app/provision/index.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/provision/index.php b/app/provision/index.php
index 0cc3a59129..b9e2400eb0 100644
--- a/app/provision/index.php
+++ b/app/provision/index.php
@@ -173,6 +173,11 @@
 			$database = new database;
 			$domain_uuid = $database->select($sql, $parameters, 'column');
 			unset($sql, $parameters);
+
+			// if the session domain doesn't match the host domain, don't allow provisioning to continue
+			if ($_SESSION['domain_uuid'] != $domain_uuid) {
+				http_error('404');
+			}
 	}
 
 //get the default settings