author | Morris Jobke <hey@morrisjobke.de> | 2014-11-18 10:53:22 +0100 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2014-11-18 10:53:22 +0100 |
commit | 0271e7539d49b58f38237f363f83b8cc8405cdd3 (patch) | |
tree | 47f1d6b8b87291008f27c33bddee28682ff30f30 | |
parent | 74a625155daa2de1494a13d475e7b7ff92075ea1 (diff) | |
parent | 3acd98f331bd673449b40d9f57fdfcb3b0e210ad (diff) | |
Merge pull request #12154 from owncloud/ignore-port-for-trusted-domain
Ignore port for trusted domains
-rw-r--r-- | config/config.sample.php | 2 | ||||
-rw-r--r-- | lib/base.php | 8 | ||||
-rw-r--r-- | lib/private/repair.php | 3 | ||||
-rw-r--r-- | lib/private/request.php | 17 | ||||
-rw-r--r-- | lib/repair/repairconfig.php | 54 | ||||
-rw-r--r-- | tests/lib/request.php | 8 |
6 files changed, 79 insertions, 13 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index a7f92d93615..11c7a44b1ec 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -65,7 +65,7 @@ $CONFIG = array( 'trusted_domains' => array ( 'demo.example.org', - 'otherdomain.example.org:8080', + 'otherdomain.example.org', ), diff --git a/lib/base.php b/lib/base.php index 4cd9203248e..27b12339b24 100644 --- a/lib/base.php +++ b/lib/base.php @@ -573,14 +573,8 @@ class OC { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); - $domain = $_SERVER['SERVER_NAME']; - // Append port to domain in case it is not - if($_SERVER['SERVER_PORT'] !== '80' && $_SERVER['SERVER_PORT'] !== '443') { - $domain .= ':'.$_SERVER['SERVER_PORT']; - } - $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); - $tmpl->assign('domain', $domain); + $tmpl->assign('domain', $_SERVER['SERVER_NAME']); $tmpl->printPage(); exit(); diff --git a/lib/private/repair.php b/lib/private/repair.php index 6cdcc31fbcf..98bf37f8862 100644 --- a/lib/private/repair.php +++ b/lib/private/repair.php @@ -83,7 +83,8 @@ class Repair extends BasicEmitter { $steps = array( new \OC\Repair\InnoDB(), new \OC\Repair\Collation(\OC::$server->getConfig(), \OC_DB::getConnection()), - new \OC\Repair\SearchLuceneTables() + new \OC\Repair\SearchLuceneTables(), + new \OC\Repair\RepairConfig() ); //There is no need to delete all previews on every single update diff --git a/lib/private/request.php b/lib/private/request.php index 221a21a258f..b9b23776088 100644 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -13,7 +13,7 @@ class OC_Request { const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#'; const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#'; - const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/'; + const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/'; /** * Check overwrite condition 
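Review bot: `REGEX_LOCALHOST` in lib/private/request.php now matches only a bare host, so it silently depends on the caller having removed the port first, and nothing at the constant says so. I would add a comment above it such as `// Matches a bare host only; callers must strip any ":port" suffix before matching`. Any other user of this constant that still passes a host with a port (none is visible in this diff) would stop matching after this change. The class body continues outside the hunk.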
@@ -36,13 +36,26 @@ class OC_Request { * have been configured */ public static function isTrustedDomain($domain) { - $trustedList = \OC_Config::getValue('trusted_domains', array()); + // Extract port from domain if needed + $pos = strrpos($domain, ':'); + if ($pos !== false) { + $port = substr($domain, $pos + 1); + if (is_numeric($port)) { + $domain = substr($domain, 0, $pos); + } + } + + // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. + $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); if (empty($trustedList)) { return true; } + + // Always allow access from localhost if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { return true; } + return in_array($domain, $trustedList); } diff --git a/lib/repair/repairconfig.php b/lib/repair/repairconfig.php new file mode 100644 index 00000000000..db119b4a25a --- /dev/null +++ b/lib/repair/repairconfig.php 
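Review bot: `is_numeric($port)` in `isTrustedDomain()` accepts more than a port number (signed values, decimals, exponent forms such as `1e3`, strings with leading whitespace), so a value like `host.two.test:1e3` is reduced to `host.two.test` and passes the trust check with its malformed suffix intact. Since this check exists to reject unexpected host values, restrict the suffix to digits: `if (ctype_digit($port)) {`. The unchanged last line would also be safer as `return in_array($domain, $trustedList, true);`, so that a non-string entry in `trusted_domains` cannot match through loose comparison. The added test cases cover only plain digit ports; a case such as `array($trustedHostTestList, 'host.two.test:1e3', false)` would pin this down.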
@@ -0,0 +1,54 @@ +<?php +/** + * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Repair; + +use OC\Hooks\BasicEmitter; +use OC\RepairStep; +use Sabre\DAV\Exception; + +/** + * Class RepairConfig + * + * @package OC\Repair + */ +class RepairConfig extends BasicEmitter implements RepairStep { + + /** + * @return string + */ + public function getName() { + return 'Repair config'; + } + + /** + * Updates the configuration after running an update + */ + public function run() { + $this->removePortsFromTrustedDomains(); + } + + /** + * Remove ports from existing trusted domains in config.php + */ + private function removePortsFromTrustedDomains() { + $trustedDomains = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); + $newTrustedDomains = array(); + foreach($trustedDomains as $domain) { + $pos = strrpos($domain, ':'); + if ($pos !== false) { + $port = substr($domain, $pos + 1); + if (is_numeric($port)) { + $domain = substr($domain, 0, $pos); + } + } + $newTrustedDomains[] = $domain; + } + \OC::$server->getConfig()->setSystemValue('trusted_domains', $newTrustedDomains); + } +} diff --git a/tests/lib/request.php b/tests/lib/request.php index bff84e1b03f..07b6d4cc89b 100644 --- a/tests/lib/request.php +++ b/tests/lib/request.php @@ -208,7 +208,7 @@ class Test_Request extends PHPUnit_Framework_TestCase { } public function trustedDomainDataProvider() { - $trustedHostTestList = array('host.one.test:8080', 'host.two.test:8080'); + $trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]'); return array( // empty defaults to true array(null, 'host.one.test:8080', true), 
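Review bot: `removePortsFromTrustedDomains()` calls `setSystemValue()` unconditionally, so the configuration is written again each time the repair steps run (apparently on every update) even when no entry carried a port, and entries that differed only by port (`a.test:80`, `a.test:8080`) are left as duplicates. I would de-duplicate with `$newTrustedDomains = array_values(array_unique($newTrustedDomains));` and wrap the existing `setSystemValue()` call in `if ($newTrustedDomains !== $trustedDomains) { ... }`. The port-stripping loop body is a copy of the code added to `OC_Request::isTrustedDomain()`; a shared helper would keep the two from drifting apart. `use Sabre\DAV\Exception;` is not used in this file and can be dropped.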
@@ -217,8 +217,12 @@ class Test_Request extends PHPUnit_Framework_TestCase { // trust list when defined array($trustedHostTestList, 'host.two.test:8080', true), - array($trustedHostTestList, 'host.two.test:9999', false), + array($trustedHostTestList, 'host.two.test:9999', true), array($trustedHostTestList, 'host.three.test:8080', false), + array($trustedHostTestList, 'host.two.test:8080:aa:222', false), + array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true), + array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true), + array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false), // trust localhost regardless of trust list array($trustedHostTestList, 'localhost', true), |