authorJoas Schilling <coding@schilljs.com>2017-05-15 14:33:27 +0200
committerJoas Schilling <coding@schilljs.com>2017-05-15 14:33:27 +0200
commit72c1b248442fb05ef2ef1e8fbf3399cb06188013 (patch)
tree49887a496537c7c3a673d4f7319b04721fae517a
parentc56c98183d2c8078c436e9b2e0c4f2a0031b4729 (diff)
downloadnextcloud-server-72c1b248442fb05ef2ef1e8fbf3399cb06188013.tar.gz
nextcloud-server-72c1b248442fb05ef2ef1e8fbf3399cb06188013.zip
Check whether the $_SERVER['REQUEST_*'] vars exist before using them
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--core/Middleware/TwoFactorMiddleware.php8
-rw-r--r--lib/base.php6
-rw-r--r--lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php11
-rw-r--r--lib/private/Route/Router.php2
4 files changed, 14 insertions, 13 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index c4c3b724eb5..e35c53d4049 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -124,9 +124,11 @@ class TwoFactorMiddleware extends Middleware {
public function afterException($controller, $methodName, Exception $exception) {
if ($exception instanceof TwoFactorAuthRequiredException) {
- return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', [
- 'redirect_url' => urlencode($this->request->server['REQUEST_URI']),
- ]));
+ $params = [];
+ if (isset($this->request->server['REQUEST_URI'])) {
+ $params['redirect_url'] = $this->request->server['REQUEST_URI'];
+ }
+ return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
}
if ($exception instanceof UserAlreadyLoggedInException) {
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
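Review bot: The new `$params['redirect_url']` assignment drops the `urlencode()` call that the removed line applied, and neither the commit message nor a comment mentions it. If `linkToRoute()` already encodes query parameters (likely, but not visible in this diff), the old code double-encoded and this is a separate fix worth recording, e.g. `// linkToRoute() encodes query parameters, so no urlencode() here`. The commit also touches no test file, so a case for a missing REQUEST_URI and one for a URI containing `&` or `%` would pin both behaviours. The same isset-then-assign pattern is repeated in SecurityMiddleware.php and could live in one shared helper; afterException continues outside the hunk.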
diff --git a/lib/base.php b/lib/base.php
index 483cd656916..bddd6a92cc8 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -132,7 +132,7 @@ class OC {
OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
/**
- * FIXME: The following lines are required because we can't yet instantiiate
+ * FIXME: The following lines are required because we can't yet instantiate
* \OC::$server->getRequest() since \OC::$server does not yet exist.
*/
$params = [
@@ -174,7 +174,7 @@ class OC {
// Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing
// slash which is required by URL generation.
- if($_SERVER['REQUEST_URI'] === \OC::$WEBROOT &&
+ if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT &&
substr($_SERVER['REQUEST_URI'], -1) !== '/') {
header('Location: '.\OC::$WEBROOT.'/');
exit();
@@ -1005,7 +1005,7 @@ class OC {
}
// Handle WebDAV
- if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
+ if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index e420a9dacc0..4e41c946432 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -246,12 +246,11 @@ class SecurityMiddleware extends Middleware {
);
} else {
if($exception instanceof NotLoggedInException) {
- $url = $this->urlGenerator->linkToRoute(
- 'core.login.showLoginForm',
- [
- 'redirect_url' => $this->request->server['REQUEST_URI'],
- ]
- );
+ $params = [];
+ if (isset($this->request->server['REQUEST_URI'])) {
+ $params['redirect_url'] = $this->request->server['REQUEST_URI'];
+ }
+ $url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params);
$response = new RedirectResponse($url);
} else {
$response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
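Review bot: `$params['redirect_url']` is filled verbatim from the request-supplied REQUEST_URI, so whatever reads it after login has to treat it as untrusted input. That consumer is not part of this diff; it should accept only a path local to this instance and fall back to the default page otherwise. Once that is confirmed, a comment at the assignment such as `// untrusted value; the login flow must only follow it if it is a local path` would record the dependency. The same applies to the identical assignment in TwoFactorMiddleware.php. The enclosing method starts and ends outside the hunk.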
diff --git a/lib/private/Route/Router.php b/lib/private/Route/Router.php
index fd15400dad4..71aabe15c51 100644
--- a/lib/private/Route/Router.php
+++ b/lib/private/Route/Router.php
@@ -75,7 +75,7 @@ class Router implements IRouter {
if(!(\OC::$server->getConfig()->getSystemValue('htaccess.IgnoreFrontController', false) === true || getenv('front_controller_active') === 'true')) {
$baseUrl = \OC::$server->getURLGenerator()->linkTo('', 'index.php');
}
- if (!\OC::$CLI) {
+ if (!\OC::$CLI && isset($_SERVER['REQUEST_METHOD'])) {
$method = $_SERVER['REQUEST_METHOD'];
} else {
$method = 'GET';
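Review bot: With the added `isset($_SERVER['REQUEST_METHOD'])` a non-CLI request that lacks the variable is now silently routed as `GET`, and nothing at the branch says that this is intended. A safe method is a reasonable default, but it deserves a comment on the else branch, e.g. `// CLI or no REQUEST_METHOD from the SAPI: match routes as GET`. The PROPFIND guard in lib/base.php from this commit likewise does nothing when the variable is unset, so the two should be documented consistently. The if/else continues past the end of the hunk.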