Merge pull request #17078 from owncloud/fix-initial-server-host

Fix undefined offset

2 files changed, 96 insertions, 8 deletions

diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 7d6a49202c6..f826ef45bb5 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -659,11 +659,6 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 	 * @return string Server host
 	 */
 	public function getServerHost() {
-		// FIXME: Ugly workaround that we need to get rid of
-		if (\OC::$CLI && defined('PHPUNIT_RUN')) {
-			return 'localhost';
-		}
-
 		// overwritehost is always trusted
 		$host = $this->getOverwriteHost();
 		if ($host !== null) {
@@ -681,7 +676,11 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 			return $host;
 		} else {
 			$trustedList = $this->config->getSystemValue('trusted_domains', []);
-			return $trustedList[0];
+			if(!empty($trustedList)) {
+				return $trustedList[0];
+			} else {
+				return '';
+			}
 		}
 	}
 
diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php
index a4bf3519bfc..de3430d757c 100644
--- a/tests/lib/appframework/http/RequestTest.php
+++ b/tests/lib/appframework/http/RequestTest.php
@@ -773,7 +773,23 @@ class RequestTest extends \Test\TestCase {
 		$this->assertEquals('from.forwarded.host2:8080',  $request->getInsecureServerHost());
 	}
 
-	public function testGetServerHost() {
+	public function testGetServerHostWithOverwriteHost() {
+		$this->config
+			->expects($this->at(0))
+			->method('getSystemValue')
+			->with('overwritehost')
+			->will($this->returnValue('my.overwritten.host'));
+		$this->config
+			->expects($this->at(1))
+			->method('getSystemValue')
+			->with('overwritecondaddr')
+			->will($this->returnValue(''));
+		$this->config
+			->expects($this->at(2))
+			->method('getSystemValue')
+			->with('overwritehost')
+			->will($this->returnValue('my.overwritten.host'));
+
 		$request = new Request(
 			[],
 			$this->secureRandom,
@@ -781,7 +797,80 @@ class RequestTest extends \Test\TestCase {
 			$this->stream
 		);
 
-		$this->assertEquals('localhost',  $request->getServerHost());
+		$this->assertEquals('my.overwritten.host',  $request->getServerHost());
+	}
+
+	public function testGetServerHostWithTrustedDomain() {
+		$this->config
+			->expects($this->at(3))
+			->method('getSystemValue')
+			->with('trusted_domains')
+			->will($this->returnValue(['my.trusted.host']));
+
+		$request = new Request(
+			[
+				'server' => [
+					'HTTP_X_FORWARDED_HOST' => 'my.trusted.host',
+				],
+			],
+			$this->secureRandom,
+			$this->config,
+			$this->stream
+		);
+
+		$this->assertEquals('my.trusted.host',  $request->getServerHost());
+	}
+
+	public function testGetServerHostWithUntrustedDomain() {
+		$this->config
+			->expects($this->at(3))
+			->method('getSystemValue')
+			->with('trusted_domains')
+			->will($this->returnValue(['my.trusted.host']));
+		$this->config
+			->expects($this->at(4))
+			->method('getSystemValue')
+			->with('trusted_domains')
+			->will($this->returnValue(['my.trusted.host']));
+
+		$request = new Request(
+			[
+				'server' => [
+					'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
+				],
+			],
+			$this->secureRandom,
+			$this->config,
+			$this->stream
+		);
+
+		$this->assertEquals('my.trusted.host',  $request->getServerHost());
+	}
+
+	public function testGetServerHostWithNoTrustedDomain() {
+		$this->config
+			->expects($this->at(3))
+			->method('getSystemValue')
+			->with('trusted_domains')
+			->will($this->returnValue([]));
+		$this->config
+			->expects($this->at(4))
+			->method('getSystemValue')
+			->with('trusted_domains')
+			->will($this->returnValue([]));
+
+		$request = new Request(
+			[
+				'server' => [
+					'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
+				],
+			],
+			$this->secureRandom,
+			$this->config,
+			$this->stream
+		);
+
+		$this->assertEquals('',  $request->getServerHost());
 	}
 
 	public function testGetOverwriteHostDefaultNull() {