or ($type !== 'protocol' and OC_Config::getValue('forcessl', false));
}
- /**
- * @brief Checks whether a domain is considered as trusted. This is used to prevent Host Header Poisoning.
- * @param string $host
- * @return bool
- */
- public static function isTrustedDomain($domain) {
- $trustedList = \OC_Config::getValue('trusted_domains', array(''));
- return in_array($domain, $trustedList);
- }
-
/**
* @brief Returns the server host
* @returns string the server host
$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));
}
else{
- $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+ $host=$_SERVER['HTTP_X_FORWARDED_HOST'];
}
- } else {
+ }
+ else{
if (isset($_SERVER['HTTP_HOST'])) {
- $host = $_SERVER['HTTP_HOST'];
+ return $_SERVER['HTTP_HOST'];
}
if (isset($_SERVER['SERVER_NAME'])) {
- $host = $_SERVER['SERVER_NAME'];
+ return $_SERVER['SERVER_NAME'];
}
+ return 'localhost';
}
-
- // Verify that the host is a trusted domain if the trusted domains
- // are defined
- // If no trusted domain is provided the first trusted domain is returned
- if(self::isTrustedDomain($host) || \OC_Config::getValue('trusted_domains', "") === "") {
- return $host;
- } else {
- $trustedList = \OC_Config::getValue('trusted_domains', array(''));
- return $trustedList[0];
- }
+ return $host;
}
+
/**
* @brief Returns the server protocol
* @returns string the server protocol
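Review bot: After this hunk the host is returned straight from `$_SERVER['HTTP_X_FORWARDED_HOST']` or `$_SERVER['HTTP_HOST']`, both of which the client controls, with no check against `trusted_domains`; the removed lines were the guard against the host header poisoning that the deleted docblock names. The new early `return $_SERVER['HTTP_HOST'];` and `return $_SERVER['SERVER_NAME'];` also mean that a check placed at the final `return $host;` would cover only the forwarded branch. If the revert is required, I would keep assigning to `$host` in every branch and keep the allow-list step at the single exit, e.g. `$trusted = \OC_Config::getValue('trusted_domains', array());` followed by `return (empty($trusted) || in_array($host, $trusted, true)) ? $host : $trusted[0];`. The function begins above the hunk, so the condition that selects the X-Forwarded-Host branch is not visible here.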
}
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
- // Verify that the protocol is always HTTP or HTTPS
- // default to http if an invalid value is provided
- return $proto === 'https' ? 'https' : 'http';
- }
- if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
- return 'https';
+ }else{
+ if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) {
+ $proto = 'https';
+ }else{
+ $proto = 'http';
+ }
}
- return 'http';
+ return $proto;
}
/**
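Review bot: `$proto` taken from `HTTP_X_FORWARDED_PROTO` is now returned after only `strtolower()`, so whatever string the client or an upstream proxy sends becomes the protocol value; the removed line clamped it to `http` or `https`. I would keep that clamp at the exit, `return $proto === 'https' ? 'https' : 'http';`. The new HTTPS test also uses the loose `!=`, where `$_SERVER['HTTPS'] !== 'off'` with `&&` instead of `and` is stricter and avoids the low-precedence operator. The function starts above the hunk, so the code before the first `}` is not shown.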
OC_Config::setValue('passwordsalt', $salt);
//write the config file
- OC_Config::setValue('trusted_domains', array(OC_Request::serverHost()));
OC_Config::setValue('datadirectory', $datadir);
OC_Config::setValue('dbtype', $dbtype);
OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
$currentVersion = implode('.', \OC_Util::getVersion());
\OC_Log::write('core', 'starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, \OC_Log::WARN);
$this->emit('\OC_Updater', 'maintenanceStart');
-
- /*
- * START CONFIG CHANGES FOR OLDER VERSIONS
- */
- if (version_compare($currentVersion, '5.00.29', '<')) {
- // Add the overwriteHost config if it is not existant
- // This is added to prevent host header poisoning
- \OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
- }
- /*
- * STOP CONFIG CHANGES FOR OLDER VERSIONS
- */
-
try {
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
$this->emit('\OC_Updater', 'dbUpgrade');
}
$this->emit('\OC_Updater', 'filecacheDone');
}
-}
+}
\ No newline at end of file