From c9afa60f6281dbaa2c5b0624ec818fc944c921e0 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 5 Sep 2014 14:10:35 +0200 Subject: [PATCH] Move trusted domain check to init() handleRequest() is not called from remote.php or public.php which made these files party available but all included apps in there produced errors. As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init() Fixes https://github.com/owncloud/core/issues/10064 --- lib/base.php | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/base.php b/lib/base.php index 18331dd86aa..fb445124011 100644 --- a/lib/base.php +++ b/lib/base.php @@ -583,6 +583,21 @@ class OC { ); return; } + + $host = OC_Request::insecureServerHost(); + // if the host passed in headers isn't trusted + if (!OC::$CLI + // overwritehost is always trusted + && OC_Request::getOverwriteHost() === null + && !OC_Request::isTrustedDomain($host) + ) { + header('HTTP/1.1 400 Bad Request'); + header('Status: 400 Bad Request'); + $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); + $tmpl->assign('domain', $_SERVER['SERVER_NAME']); + $tmpl->printPage(); + return; + } } private static function registerLocalAddressBook() { @@ -683,21 +698,6 @@ class OC { exit(); } - $host = OC_Request::insecureServerHost(); - // if the host passed in headers isn't trusted - if (!OC::$CLI - // overwritehost is always trusted - && OC_Request::getOverwriteHost() === null - && !OC_Request::isTrustedDomain($host) - ) { - header('HTTP/1.1 400 Bad Request'); - header('Status: 400 Bad Request'); - $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); - $tmpl->assign('domain', $_SERVER['SERVER_NAME']); - $tmpl->printPage(); - return; - } - $request = OC_Request::getPathInfo(); if (substr($request, -3) !== '.js') { // we need these files during the upgrade self::checkMaintenanceMode(); -- 2.39.5