]> source.dussan.org Git - nextcloud-server.git/commit
projects / nextcloud-server.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70937da) | patch
Do only follow HTTP and HTTPS redirects
authorLukas Reschke <lukas@owncloud.com>
Thu, 11 Sep 2014 17:21:56 +0000 (19:21 +0200)
committerLukas Reschke <lukas@owncloud.com>
Mon, 22 Sep 2014 18:02:32 +0000 (20:02 +0200)
commit6eeb905871fc7a671f99fd22c2592358a6abc02d
tree391889ddb92d83a766a109cd7fc6bd58a4805691tree | snapshot
parent70937dabcdf60a047000347523bfee7a53e673e6commit | diff
Do only follow HTTP and HTTPS redirects

We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests
apps/files/ajax/newfile.php diff | blob | history
lib/private/files/storage/dav.php diff | blob | history
lib/private/httphelper.php [new file with mode: 0644] blob
lib/private/server.php diff | blob | history
lib/private/user/http.php diff | blob | history
lib/private/util.php diff | blob | history
lib/public/iservercontainer.php diff | blob | history
tests/lib/httphelper.php [new file with mode: 0644] blob
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server