source.dussan.org Git - nextcloud-server.git/commit
Do only follow HTTP and HTTPS redirects
author Lukas Reschke <lukas@owncloud.com>
Thu, 11 Sep 2014 17:21:56 +0000 (19:21 +0200)
committer Lukas Reschke <lukas@owncloud.com>
Tue, 23 Sep 2014 10:05:34 +0000 (12:05 +0200)
commit b2798afef5f7137484bb19e432014b7d8a088e22
tree 1981ff91a8ff109a212c7814e30f7a2d5b0ddb93
parent 5de19f38c4120dbf63ffd135721443633ed7dfa1
Do only follow HTTP and HTTPS redirects

We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions (i.e. a redirect to ftp:// might be used to access files of an FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server).

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests

Conflicts:
apps/files/ajax/newfile.php
lib/private/files/storage/dav.php
lib/private/server.php
lib/private/util.php
lib/public/iservercontainer.php
apps/files/ajax/newfile.php
lib/private/httphelper.php [new file with mode: 0644]
lib/private/server.php
lib/private/user/http.php
lib/private/util.php
lib/public/iservercontainer.php
tests/lib/httphelper.php [new file with mode: 0644]
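
The approach described in the commit message, as an added PHP example that is not code from this commit or from ownCloud: redirects are resolved one hop at a time with get_headers(), and any Location whose scheme is not http or https is refused before it is requested. The function names, the stub fetcher and the example host names are assumptions made for illustration.

```php
<?php
// Added example; function names are illustrative, not ownCloud's HTTPHelper API.
function assertHttpUrl(string $url): void {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        throw new InvalidArgumentException("Refusing non-HTTP(S) URL: $url");
    }
}

// One HEAD request via get_headers() with automatic redirect following disabled.
function fetchHeadersOnce(string $url): array {
    $ctx = stream_context_create(['http' => ['method' => 'HEAD', 'follow_location' => 0, 'timeout' => 5]]);
    $raw = @get_headers($url, true, $ctx);
    if ($raw === false) {
        throw new RuntimeException("Request failed: $url");
    }
    $headers = array_change_key_case($raw, CASE_LOWER); // header names are case-insensitive
    preg_match('#^HTTP/\S+\s+(\d{3})#', (string) $headers[0], $m);
    $location = $headers['location'] ?? null;
    return ['status' => (int) ($m[1] ?? 0), 'location' => is_array($location) ? end($location) : $location];
}

// Follows redirects one hop at a time, validating each target before requesting it.
// A relative Location has no scheme and is rejected here (fail closed).
function getFinalLocation(string $url, ?callable $fetchHeaders = null, int $maxRedirects = 10): string {
    $fetchHeaders = $fetchHeaders ?? 'fetchHeadersOnce';
    for ($hop = 0; $hop <= $maxRedirects; $hop++) {
        assertHttpUrl($url);
        $response = $fetchHeaders($url);
        $isRedirect = $response['status'] >= 300 && $response['status'] < 400;
        if (!$isRedirect || $response['location'] === null) {
            return $url;
        }
        $url = $response['location'];
    }
    throw new RuntimeException('Too many redirects');
}

// Constructed redirect chain served by a stub (no network); the second hop targets ftp://.
$chain = [
    'http://example.org/a' => ['status' => 302, 'location' => 'https://example.org/b'],
    'https://example.org/b' => ['status' => 301, 'location' => 'ftp://files.internal.example/x'],
];
$stub = fn(string $u): array => $chain[$u] ?? ['status' => 200, 'location' => null];
try {
    echo getFinalLocation('http://example.org/a', $stub), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The caller should fetch only the URL returned by getFinalLocation(), with automatic redirect following still disabled, so that a redirect introduced between the check and the download is not followed.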