X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/c324ad928dbdd54ce5b09eb0dabe60ef9de1ea38..refs/pull/5721/head:/app/Util/SsrUrlValidator.php
diff --git a/app/Util/SsrUrlValidator.php b/app/Util/SsrUrlValidator.php
index 722a45f7b..076a653fc 100644
--- a/app/Util/SsrUrlValidator.php
+++ b/app/Util/SsrUrlValidator.php
@@ -4,11 +4,16 @@ namespace BookStack\Util;
 
 use BookStack\Exceptions\HttpFetchException;
 
+/**
+ * Validate the host we're connecting to when making a server-side-request.
+ * Will use the given hosts config if given during construction otherwise
+ * will look to the app configured config.
+ */
 class SsrUrlValidator
 {
 protected string $config;
 
- public function __construct(string $config = null)
+ public function __construct(?string $config = null)
 {
 $this->config = $config ?? config('app.ssr_hosts') ?? '';
 }
@@ -41,7 +46,7 @@ class SsrUrlValidator
 
 protected function urlMatchesPattern($url, $pattern): bool
 {
- $pattern = trim($pattern);
+ $pattern = rtrim(trim($pattern), '/');
 $url = trim($url);
 
 if (empty($pattern) || empty($url)) {
@@ -51,7 +56,7 @@ class SsrUrlValidator
 $quoted = preg_quote($pattern, '/');
 $regexPattern = str_replace('\*', '.*', $quoted);
 
- return preg_match('/^' . $regexPattern . '.*$/i', $url);
+ return preg_match('/^' . $regexPattern . '($|\/.*$|#.*$)/i', $url);
 }
 
 /**
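Review bot: The `rtrim(trim($pattern), '/')` line in the second hunk has no comment, yet it is only safe together with the boundary group added to the `preg_match` call in the third hunk: once the slash is stripped, that group is what keeps a configured `https://host/` entry from matching a longer host name. A short comment would stop the two lines from being changed independently, e.g. `// Trailing slashes are dropped here; the regex below re-imposes the path boundary.` The parameters `$url` and `$pattern` are also untyped, and `string` on both would sit well with the `bool` return type already declared. urlMatchesPattern continues past the end of this hunk.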
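Review bot: In the third hunk the new group `($|\/.*$|#.*$)` anchors only the literal tail of the pattern; a `*` is still expanded to `.*` by the `str_replace` line above it, and `.*` also matches `/`, `?`, `#` and `@`, so a wildcard in the host part is not confined to the host component. Consider expanding the wildcard to a class that stops at URL delimiters, e.g. `$regexPattern = str_replace('\*', '[^\/?#@]*', $quoted);`, or comparing the `parse_url()` scheme, host and port against the pattern rather than the raw string. Either option may change what a wildcard in the path matches, so existing `ssr_hosts` values would need a test pass. Separately, `preg_match` returns `int|false` while the method declares `bool`; appending `=== 1` makes the conversion explicit. urlMatchesPattern starts outside this hunk.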