Perms: Fixed some issues made when adding transactions

[bookstack] / app / Util / SsrUrlValidator.php

diff --git a/app/Util/SsrUrlValidator.php b/app/Util/SsrUrlValidator.php
index 722a45f7b6c13109cb7245fbcbd77d2866bc8786..076a653fc86752e9f94b8cd7f93c72748c0f34ac 100644 (file)
--- a/app/Util/SsrUrlValidator.php
+++ b/app/Util/SsrUrlValidator.php
@@ -4,11 +4,16 @@ namespace BookStack\Util;
 
 use BookStack\Exceptions\HttpFetchException;
 
+/**
+ * Validate the host we're connecting to when making a server-side-request.
+ * Will use the given hosts config if given during construction otherwise
+ * will look to the app configured config.
+ */
 class SsrUrlValidator
 {
     protected string $config;
 
-    public function __construct(string $config = null)
+    public function __construct(?string $config = null)
     {
         $this->config = $config ?? config('app.ssr_hosts') ?? '';
     }
@@ -41,7 +46,7 @@ class SsrUrlValidator
 
     protected function urlMatchesPattern($url, $pattern): bool
     {
-        $pattern = trim($pattern);
+        $pattern = rtrim(trim($pattern), '/');
         $url = trim($url);
 
         if (empty($pattern) || empty($url)) {
@@ -51,7 +56,7 @@ class SsrUrlValidator
         $quoted = preg_quote($pattern, '/');
         $regexPattern = str_replace('\*', '.*', $quoted);
 
-        return preg_match('/^' . $regexPattern . '.*$/i', $url);
+        return preg_match('/^' . $regexPattern . '($|\/.*$|#.*$)/i', $url);
     }
 
     /**