From c50087d457d3b2e2839f2e8b080f40832f4f7e46 Mon Sep 17 00:00:00 2001
From: 0xcrypto
Date: Sun, 13 Jun 2021 21:17:49 +0530
Subject: [PATCH] Security Fix (#37675)
Fixed dns_get_record loose check of A records for active_url rule. Tested on Laravel v8.46.0, PHP v8.0.7. This patch is related to security issue I reported at https://huntr.dev/bounties/2-laravel/framework/.
---
 src/Illuminate/Validation/Concerns/ValidatesAttributes.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Validation/Concerns/ValidatesAttributes.php b/src/Illuminate/Validation/Concerns/ValidatesAttributes.php
index a35ddd6c3436..19e01cbb2cb4 100644
--- a/src/Illuminate/Validation/Concerns/ValidatesAttributes.php
+++ b/src/Illuminate/Validation/Concerns/ValidatesAttributes.php
@@ -59,7 +59,7 @@ public function validateActiveUrl($attribute, $value)
 if ($url = parse_url($value, PHP_URL_HOST)) {
 try {
- return count(dns_get_record($url, DNS_A | DNS_AAAA)) > 0;
+ return count(dns_get_record($url.'.', DNS_A | DNS_AAAA)) > 0;
 } catch (Exception $e) {
 return false;
 }
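Review bot: The unconditional `$url.'.'` on the added line turns a host that is already written with a trailing dot into `host..`, and the lookup result is still passed straight to `count()`. `dns_get_record()` returns `false` on failure, and on PHP 8 (the version the commit says it was tested on) `count(false)` raises a `TypeError`, which `catch (Exception $e)` does not catch; whether a warning is converted to an exception first depends on the application's error handler, which is not visible here. Normalising the dot and checking the type keeps the rule failing closed: `$records = dns_get_record(rtrim($url, '.').'.', DNS_A | DNS_AAAA);` then `return is_array($records) && count($records) > 0;`. A short comment such as `// Trailing dot makes the name absolute so the resolver's search list is not applied.` would record why the dot is there (presumably the intent of the fix); validateActiveUrl starts and ends outside the hunk.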