Move overwritehost check to isTrustedDomain

Signed-off-by: Julius Härtl <jus@bitgrid.net>

diff --git a/lib/base.php b/lib/base.php
index 735bb8b77252abcec41905ab43c8a53fdb236ab8..2f2a0e27326f4c51e38928b10b6684e25d8bc46e 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -748,9 +748,6 @@ class OC {
                 * FIXME: Should not be in here at all :see_no_evil:
                 */
                if (!OC::$CLI
-                       // overwritehost is always trusted, workaround to not have to make
-                       // \OC\AppFramework\Http\Request::getOverwriteHost public
-                       && self::$server->getConfig()->getSystemValue('overwritehost') === ''
                        && !\OC::$server->getTrustedDomainHelper()->isTrustedDomain($host)
                        && self::$server->getConfig()->getSystemValue('installed', false)
                ) {

diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 5237767d8ea3d36b14eda71cf36e85d388cf993d..a05e0dcff2ebe17bcbb4da26c206d0aa272e0ae3 100644 (file)
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -69,6 +69,11 @@ class TrustedDomainHelper {
         * have been configured
         */
        public function isTrustedDomain($domainWithPort) {
+               // overwritehost is always trusted
+               if ($this->config->getSystemValue('overwritehost') !== '') {
+                       return true;
+               }
+
                $domain = $this->getDomainWithoutPort($domainWithPort);
 
                // Read trusted domains from config

diff --git a/tests/lib/Security/TrustedDomainHelperTest.php b/tests/lib/Security/TrustedDomainHelperTest.php
index 25586a1bc27440d8666852b0199e3ce6e153797d..973ff29e46f69b681b6412555058196c8a797080 100644 (file)
--- a/tests/lib/Security/TrustedDomainHelperTest.php
+++ b/tests/lib/Security/TrustedDomainHelperTest.php
@@ -31,7 +31,11 @@ class TrustedDomainHelperTest extends \Test\TestCase {
         * @param bool $result
         */
        public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
-               $this->config->expects($this->once())
+               $this->config->expects($this->at(0))
+                       ->method('getSystemValue')
+                       ->with('overwritehost')
+                       ->will($this->returnValue(''));
+               $this->config->expects($this->at(1))
                        ->method('getSystemValue')
                        ->with('trusted_domains')
                        ->will($this->returnValue($trustedDomains));
@@ -108,4 +112,15 @@ class TrustedDomainHelperTest extends \Test\TestCase {
                        [$trustedHostTestList, 'bad..der.leading.host', false],
                ];
        }
+
+       public function testIsTrustedDomainOverwriteHost() {
+               $this->config->expects($this->at(0))
+                       ->method('getSystemValue')
+                       ->with('overwritehost')
+                       ->will($this->returnValue('myproxyhost'));
+
+               $trustedDomainHelper = new TrustedDomainHelper($this->config);
+               $this->assertTrue($trustedDomainHelper->isTrustedDomain('myproxyhost'));
+               $this->assertTrue($trustedDomainHelper->isTrustedDomain('myotherhost'));
+       }
 }