Fixes U4-7457 Server side request forgery (xsrf) in feedproxy.aspx

2015-11-25 18:05:57 +01:00
parent a02b41e9d2
commit 924a016ffe
1 changed files with 3 additions and 1 deletions
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
@@ -27,7 +27,9 @@ namespace dashboardUtilities
                        if (Uri.TryCreate(url, UriKind.Absolute, out requestUri))
                        {
                            var feedProxyXml = xmlHelper.OpenAsXmlDocument(IOHelper.MapPath(SystemFiles.FeedProxyConfig));
-                            if (feedProxyXml != null && feedProxyXml.SelectSingleNode(string.Concat("//allow[@host = '", requestUri.Host, "']")) != null)
+                            if (feedProxyXml != null 
+                                && feedProxyXml.SelectSingleNode(string.Concat("//allow[@host = '", requestUri.Host, "']")) != null
+                                && requestUri.Port == 80)
                            {
                                using (var client = new WebClient())
                                {