Make subdomain validation more restrictive

- Each subdomain part must have a length no greater than 63. - Each subdomain part must begin and end with an alpha-numeric (i.e. letters [A-Za-z] or digits [0-9]). - Each subdomain part may contain hyphens (dashes), but may not begin or end with a hyphen.
zendesk · Apr 14, 2021 · 60e0589 · 60e0589 · SmeegeSec · Apr 14, 2021
1 parent 93f5e74
commit 60e0589
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Zendesk/API/Utilities/OAuth.php b/src/Zendesk/API/Utilities/OAuth.php
@@ -83,7 +83,7 @@ public static function getAuthUrl($subdomain, array $options, $domain = 'zendesk
      */
     private static function validateSubdomain($subdomain)
     {
-        if (! preg_match('/^[0-9A-Za-z-]+$/', $subdomain)) {
+        if (! preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?$/', $subdomain)) {
             throw new InvalidArgumentException('Invalid Zendesk subdomain.');
         }
     }