Closed sanmai closed 4 months ago
This PR backports subdomain validation from #466, necessary to fix CVE-2021-30492.
I also added/fixed tests. Here's how you can run them:
php vendor/bin/phpunit tests/Zendesk/API/UnitTests/InvalidSubdomainTest.php
php vendor/bin/phpunit tests/Zendesk/API/UnitTests/OrganizationsTest.php
All that should be left is to tag a new release, update the Packagist registry, and tweak CVE-2021-30492 to mark this new version as unaffected.
Please review my comments.
Alternatively, I'll be happy to close this PR as it looks like it is no longer necessary for my cause.