author | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-09-30 13:05:19 +0200 |
---|---|---|
committer | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-10-01 18:00:47 +0200 |
commit | 6be00432b75a80a246246883c5fa955ce803f3d8 (patch) | |
tree | cecf063b90e346811aad05863a6ce5c5badcdddc | |
parent | 870816466f2d1adaf956a83491c0645556b0d02b (diff) | |
chore: always execute parse_url in preventLocalAddress (bug/noid/federated-addressbook-sync-without-localaddressallowed)
This change should make it easier to spot wrong uses of the HTTP client on development setups where allow_local_remote_servers is usually true.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
-rw-r--r-- | lib/private/Http/Client/Client.php | 9 | ||||
-rw-r--r-- | tests/lib/Http/Client/ClientTest.php | 8 |
2 files changed, 12 insertions, 5 deletions
diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php index 40ce012cd1a..62209ff9040 100644 --- a/lib/private/Http/Client/Client.php +++ b/lib/private/Http/Client/Client.php @@ -158,14 +158,15 @@ class Client implements IClient { } protected function preventLocalAddress(string $uri, array $options): void { - if ($this->isLocalAddressAllowed($options)) { - return; - } - $host = parse_url($uri, PHP_URL_HOST); if ($host === false || $host === null) { throw new LocalServerException('Could not detect any host'); } + + if ($this->isLocalAddressAllowed($options)) { + return; + } + if (!$this->remoteHostValidator->isValid($host)) { throw new LocalServerException('Host "' . $host . '" violates local access rules'); } diff --git a/tests/lib/Http/Client/ClientTest.php b/tests/lib/Http/Client/ClientTest.php index 237bb1299e5..47a6b885aed 100644 --- a/tests/lib/Http/Client/ClientTest.php +++ b/tests/lib/Http/Client/ClientTest.php @@ -130,6 +130,13 @@ class ClientTest extends \Test\TestCase { ], self::invokePrivate($this->client, 'getProxyUri')); } + public function testPreventLocalAddressThrowOnInvalidUri(): void { + $this->expectException(LocalServerException::class); + $this->expectExceptionMessage('Could not detect any host'); + + self::invokePrivate($this->client, 'preventLocalAddress', ['!@#$', []]); + } + public function dataPreventLocalAddress():array { return [ ['https://localhost/foo.bar'], @@ -146,7 +153,6 @@ class ClientTest extends \Test\TestCase { ['https://10.0.0.1'], ['https://another-host.local'], ['https://service.localhost'], - ['!@#$', true], // test invalid url ['https://normal.host.com'], ['https://com.one-.nextcloud-one.com'], ]; |
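Review bot: The new statement order in `preventLocalAddress` is deliberate, but nothing in the code says so: `parse_url` now runs before the `isLocalAddressAllowed` early return, and a later cleanup could move the return back to the top as an optimisation. A one-line comment above the host check would pin the intent, for example `// Parse the host first so a URI without a host fails even when local addresses are allowed`. The method's docblock should also state that the early return still skips `remoteHostValidator->isValid()`, so on setups that allow local addresses only the host-presence check applies. The method body continues past the end of the hunk.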
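Review bot: `testPreventLocalAddressThrowOnInvalidUri` passes an empty options array, so from the hunk alone it is not clear that it exercises the branch this commit changes, namely a URI without a host while local addresses are allowed. If the fixture's client is set up with `allow_local_remote_servers` false (the setup is outside the hunk), the same assertion would presumably have passed before the reorder as well. Consider a second case that enables local addresses, through the options argument or the mocked config value, and still expects `Could not detect any host`.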