Added additional verification of host domain in password reset.

Kristan Kenney · Kristan Kenney · commit cd5d3c0e476e · 2020-03-23T11:10:24.000-03:00
Thanks to @FalzoMAD and @mmetince - this commit fixes hestiacp#748
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 
 ### Bugfixes
 - Fixed phpMyAdmin blowfish and tmp directory issues.
+- Added additional verification of host domain in password reset. Thanks to @FalzoMAD and @mmetince!
 
 ## [1.1.0] - 2020-03-11 - Major Release (Feature / Quality Update)
 ### Features
diff --git a/web/reset/index.php b/web/reset/index.php
@@ -30,13 +30,16 @@
         } else {
             $mailtext = __('GREETINGS');
         }
-        $mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
-        if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
+        if (in_array(str_replace(':'.$_SERVER['SERVER_PORT'],'.conf',$_SERVER['HTTP_HOST']), array_merge(scandir('/etc/nginx/conf.d'),scandir('/etc/nginx/conf.d/domains'),scandir('/etc/apache2/conf.d/domains'),scandir('/etc/apache2/conf.d')))){
+            $mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
+            if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
+            header("Location: /reset/?action=code&user=".$_POST['user']);
+            exit;
+        } else {
+            $ERROR = "<a class=\"error\">".__('Invalid host domain')."</a>";
+        }
         unset($output);
     }
-
-    header("Location: /reset/?action=code&user=".$_POST['user']);
-    exit;
 }
 
 if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
