Browse Source
Ignore port for trusted domains
This lead to a lot of confusion in the past and did not really offer any value. Let's remove the port check therefore. (it's anyways not really a part of the domain) Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975. Conflicts: lib/private/request.phptags/v8.0.0alpha1
Lukas Reschke
9 years ago
4 changed files with 23 additions and 13 deletions
+ 1
- 1
config/config.sample.php
View File
| @@ -71,7 +71,7 @@ $CONFIG = array( | |||
| 'trusted_domains' => | |||
| array ( | |||
| 'demo.example.org', | |||
| 'otherdomain.example.org:8080', | |||
| 'otherdomain.example.org', | |||
| ), | |||
+ 1
- 7
lib/base.php
View File
| @@ -613,14 +613,8 @@ class OC { | |||
| header('HTTP/1.1 400 Bad Request'); | |||
| header('Status: 400 Bad Request'); | |||
| $domain = $_SERVER['SERVER_NAME']; | |||
| // Append port to domain in case it is not | |||
| if($_SERVER['SERVER_PORT'] !== '80' && $_SERVER['SERVER_PORT'] !== '443') { | |||
| $domain .= ':'.$_SERVER['SERVER_PORT']; | |||
| } | |||
| $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); | |||
| $tmpl->assign('domain', $domain); | |||
| $tmpl->assign('domain', $_SERVER['SERVER_NAME']); | |||
| $tmpl->printPage(); | |||
| exit(); | |||
+ 15
- 3
lib/private/request.php
View File
| @@ -12,8 +12,7 @@ class OC_Request { | |||
| // Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent | |||
| const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#'; | |||
| const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#'; | |||
| const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/'; | |||
| const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/'; | |||
| static protected $reqId; | |||
| /** | |||
| @@ -76,13 +75,26 @@ class OC_Request { | |||
| * have been configured | |||
| */ | |||
| public static function isTrustedDomain($domain) { | |||
| $trustedList = \OC_Config::getValue('trusted_domains', array()); | |||
| // Extract port from domain if needed | |||
| $pos = strrpos($domain, ':'); | |||
| if ($pos !== false) { | |||
| $port = substr($domain, $pos + 1); | |||
| if (is_numeric($port)) { | |||
| $domain = substr($domain, 0, $pos); | |||
| } | |||
| } | |||
| // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. | |||
| $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); | |||
| if (empty($trustedList)) { | |||
| return true; | |||
| } | |||
| // Always allow access from localhost | |||
| if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { | |||
| return true; | |||
| } | |||
| return in_array($domain, $trustedList); | |||
| } | |||
+ 6
- 2
tests/lib/request.php
View File
| @@ -240,7 +240,7 @@ class Test_Request extends PHPUnit_Framework_TestCase { | |||
| } | |||
| public function trustedDomainDataProvider() { | |||
| $trustedHostTestList = array('host.one.test:8080', 'host.two.test:8080'); | |||
| $trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]'); | |||
| return array( | |||
| // empty defaults to true | |||
| array(null, 'host.one.test:8080', true), | |||
| @@ -249,8 +249,12 @@ class Test_Request extends PHPUnit_Framework_TestCase { | |||
| // trust list when defined | |||
| array($trustedHostTestList, 'host.two.test:8080', true), | |||
| array($trustedHostTestList, 'host.two.test:9999', false), | |||
| array($trustedHostTestList, 'host.two.test:9999', true), | |||
| array($trustedHostTestList, 'host.three.test:8080', false), | |||
| array($trustedHostTestList, 'host.two.test:8080:aa:222', false), | |||
| array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true), | |||
| array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true), | |||
| array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false), | |||
| // trust localhost regardless of trust list | |||
| array($trustedHostTestList, 'localhost', true), | |||
Loading…