Browse Source
fix(settings): Also verify that `trusted_proxies` only contains IP addresses (with range)
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>tags/v29.0.0beta6
Ferdinand Thiessen
1 month ago
1 changed files with 10 additions and 0 deletions
+ 10
- 0
apps/settings/lib/SetupChecks/ForwardedForHeaders.php
View File
| @@ -59,6 +59,16 @@ class ForwardedForHeaders implements ISetupCheck { | |||
| return SetupResult::error($this->l10n->t('Your "trusted_proxies" setting is not correctly set, it should be an array.')); | |||
| } | |||
| foreach ($trustedProxies as $proxy) { | |||
| $addressParts = explode('/', $proxy, 2); | |||
| if (filter_var($addressParts[0], FILTER_VALIDATE_IP) === false || !ctype_digit($addressParts[1] ?? '24')) { | |||
| return SetupResult::error( | |||
| $this->l10n->t('Your "trusted_proxies" setting is not correctly set, it should be an array of IP addresses - optionally with range in CIDR notation.'), | |||
| $this->urlGenerator->linkToDocs('admin-reverse-proxy'), | |||
| ); | |||
| } | |||
| } | |||
| if (($remoteAddress === '') && ($detectedRemoteAddress === '')) { | |||
| if (\OC::$CLI) { | |||
| /* We were called from CLI */ | |||
Loading…