This led to a lot of confusion in the past and did not really offer any value, so let's remove the port check (the port is not really part of the domain anyway). Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975.

Conflicts: lib/private/request.php
tags/v8.0.0alpha1
@@ -71,7 +71,7 @@ $CONFIG = array( | |||
'trusted_domains' => | |||
array ( | |||
'demo.example.org', | |||
'otherdomain.example.org:8080', | |||
'otherdomain.example.org', | |||
), | |||
@@ -613,14 +613,8 @@ class OC { | |||
header('HTTP/1.1 400 Bad Request'); | |||
header('Status: 400 Bad Request'); | |||
$domain = $_SERVER['SERVER_NAME']; | |||
// Append port to domain in case it is not | |||
if($_SERVER['SERVER_PORT'] !== '80' && $_SERVER['SERVER_PORT'] !== '443') { | |||
$domain .= ':'.$_SERVER['SERVER_PORT']; | |||
} | |||
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); | |||
$tmpl->assign('domain', $domain); | |||
$tmpl->assign('domain', $_SERVER['SERVER_NAME']); | |||
$tmpl->printPage(); | |||
exit(); |
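Review bot: The untrusted-domain page now shows `$_SERVER['SERVER_NAME']`, which is not necessarily the value that failed the trust check. The check itself is outside this hunk, but if it is made against the request's Host header (as the `isTrustedDomain` changes in this commit suggest), the page can name a host other than the one that was rejected, and an administrator following the message would add the wrong entry to `trusted_domains`. Passing the same host string that was checked, with any port stripped the same way, would keep the message and the check in agreement. The enclosing method starts and ends outside the hunk.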
@@ -12,8 +12,7 @@ class OC_Request { | |||
// Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent | |||
const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#'; | |||
const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#'; | |||
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/'; | |||
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/'; | |||
static protected $reqId; | |||
/** | |||
@@ -76,13 +75,26 @@ class OC_Request { | |||
* have been configured | |||
*/ | |||
public static function isTrustedDomain($domain) { | |||
$trustedList = \OC_Config::getValue('trusted_domains', array()); | |||
// Extract port from domain if needed | |||
$pos = strrpos($domain, ':'); | |||
if ($pos !== false) { | |||
$port = substr($domain, $pos + 1); | |||
if (is_numeric($port)) { | |||
$domain = substr($domain, 0, $pos); | |||
} | |||
} | |||
// FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. | |||
$trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); | |||
if (empty($trustedList)) { | |||
return true; | |||
} | |||
// Always allow access from localhost | |||
if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { | |||
return true; | |||
} | |||
return in_array($domain, $trustedList); | |||
} | |||
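Review bot: The port-stripping block added to `isTrustedDomain` decides what counts as a port with `is_numeric($port)`, which accepts more than a decimal port number: values such as `1e3`, `-1`, `8.5` or one with leading whitespace are also numeric, so a suffix like `:1e3` is dropped and the rest is matched against the trust list. A digits-only test, `if (ctype_digit($port)) {`, keeps the check to what a port can actually be and still passes the bracketed IPv6 rows in the test provider. Separately, the final lookup compares loosely; `return in_array($domain, $trustedList, true);` avoids type juggling if a non-string entry ever ends up in `trusted_domains`. The host is also compared case-sensitively although hostnames are not, which only causes false rejections, so a comment saying that entries are expected in lower case would help.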
@@ -240,7 +240,7 @@ class Test_Request extends PHPUnit_Framework_TestCase { | |||
} | |||
public function trustedDomainDataProvider() { | |||
$trustedHostTestList = array('host.one.test:8080', 'host.two.test:8080'); | |||
$trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]'); | |||
return array( | |||
// empty defaults to true | |||
array(null, 'host.one.test:8080', true), | |||
@@ -249,8 +249,12 @@ class Test_Request extends PHPUnit_Framework_TestCase { | |||
// trust list when defined | |||
array($trustedHostTestList, 'host.two.test:8080', true), | |||
array($trustedHostTestList, 'host.two.test:9999', false), | |||
array($trustedHostTestList, 'host.two.test:9999', true), | |||
array($trustedHostTestList, 'host.three.test:8080', false), | |||
array($trustedHostTestList, 'host.two.test:8080:aa:222', false), | |||
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true), | |||
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true), | |||
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false), | |||
// trust localhost regardless of trust list | |||
array($trustedHostTestList, 'localhost', true), |