diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2017-05-15 09:49:11 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-05-15 09:49:11 -0500 |
| commit | 8c5062794f3abc157e48af2cf4bc3c0dfe570cbe (patch) | |
| tree | 7f7725c48d472766b0d6a2933b1939d5c5ce4258 | |
| parent | 3bd51321de17b7a4dea361955c4affc1aff92739 (diff) | |
| parent | 72c1b248442fb05ef2ef1e8fbf3399cb06188013 (diff) | |
| download | nextcloud-server-8c5062794f3abc157e48af2cf4bc3c0dfe570cbe.tar.gz nextcloud-server-8c5062794f3abc157e48af2cf4bc3c0dfe570cbe.zip | |
Merge pull request #4873 from nextcloud/check-whether-REQUEST-exists
Check whether the $_SERVER['REQUEST_*'] vars exist before using them
| -rw-r--r-- | core/Middleware/TwoFactorMiddleware.php | 8 | ||||
| -rw-r--r-- | lib/base.php | 6 | ||||
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 11 | ||||
| -rw-r--r-- | lib/private/Route/Router.php | 2 |
4 files changed, 14 insertions, 13 deletions
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php index c4c3b724eb5..e35c53d4049 100644 --- a/core/Middleware/TwoFactorMiddleware.php +++ b/core/Middleware/TwoFactorMiddleware.php @@ -124,9 +124,11 @@ class TwoFactorMiddleware extends Middleware { public function afterException($controller, $methodName, Exception $exception) { if ($exception instanceof TwoFactorAuthRequiredException) { - return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', [ - 'redirect_url' => urlencode($this->request->server['REQUEST_URI']), - ])); + $params = []; + if (isset($this->request->server['REQUEST_URI'])) { + $params['redirect_url'] = $this->request->server['REQUEST_URI']; + } + return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params)); } if ($exception instanceof UserAlreadyLoggedInException) { return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index')); diff --git a/lib/base.php b/lib/base.php index 0a51d3af5fc..38e9fb8e498 100644 --- a/lib/base.php +++ b/lib/base.php @@ -132,7 +132,7 @@ class OC { OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT))); /** - * FIXME: The following lines are required because we can't yet instantiiate + * FIXME: The following lines are required because we can't yet instantiate * \OC::$server->getRequest() since \OC::$server does not yet exist. */ $params = [ @@ -174,7 +174,7 @@ class OC { // Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing // slash which is required by URL generation. - if($_SERVER['REQUEST_URI'] === \OC::$WEBROOT && + if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT && substr($_SERVER['REQUEST_URI'], -1) !== '/') { header('Location: '.\OC::$WEBROOT.'/'); exit(); @@ -1008,7 +1008,7 @@ class OC { } // Handle WebDAV - if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { + if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') { // not allowed any more to prevent people // mounting this root directly. // Users need to mount remote.php/webdav instead. diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index e420a9dacc0..4e41c946432 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -246,12 +246,11 @@ class SecurityMiddleware extends Middleware { ); } else { if($exception instanceof NotLoggedInException) { - $url = $this->urlGenerator->linkToRoute( - 'core.login.showLoginForm', - [ - 'redirect_url' => $this->request->server['REQUEST_URI'], - ] - ); + $params = []; + if (isset($this->request->server['REQUEST_URI'])) { + $params['redirect_url'] = $this->request->server['REQUEST_URI']; + } + $url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params); $response = new RedirectResponse($url); } else { $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest'); diff --git a/lib/private/Route/Router.php b/lib/private/Route/Router.php index fd15400dad4..71aabe15c51 100644 --- a/lib/private/Route/Router.php +++ b/lib/private/Route/Router.php @@ -75,7 +75,7 @@ class Router implements IRouter { if(!(\OC::$server->getConfig()->getSystemValue('htaccess.IgnoreFrontController', false) === true || getenv('front_controller_active') === 'true')) { $baseUrl = \OC::$server->getURLGenerator()->linkTo('', 'index.php'); } - if (!\OC::$CLI) { + if (!\OC::$CLI && isset($_SERVER['REQUEST_METHOD'])) { $method = $_SERVER['REQUEST_METHOD']; } else { $method = 'GET'; |