author | John Molakvoæ <skjnldsv@protonmail.com> | 2024-01-16 17:31:26 +0100 |
---|---|---|
committer | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2024-01-17 09:05:11 +0100 |
commit | 20a0b9cbaf16fe069e3278388b32efed10bc4ae6 (patch) | |
tree | 4184cb33a491bd321228f960e51e9272830ca697 | |
parent | ad12af8d06dfffe3e8d6b4a255aa96fc2c719136 (diff) | |
fix(dav): ajax request check on public remote endpoints
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
-rw-r--r-- | apps/dav/appinfo/v1/publicwebdav.php | 2 | ||||
-rw-r--r-- | apps/dav/appinfo/v2/publicremote.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php
index b5a88afb16e..8aa084a1114 100644
--- a/apps/dav/appinfo/v1/publicwebdav.php
+++ b/apps/dav/appinfo/v1/publicwebdav.php
@@ -73,7 +73,7 @@ $linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin();
 $filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin();
 $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
- $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
+ $isAjax = in_array('XMLHttpRequest', explode(',', $_SERVER['HTTP_X_REQUESTED_WITH'] ?? ''));
 /** @var \OCA\FederatedFileSharing\FederatedShareProvider $shareProvider */
 $federatedShareProvider = \OC::$server->query(\OCA\FederatedFileSharing\FederatedShareProvider::class);
 if ($federatedShareProvider->isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
diff --git a/apps/dav/appinfo/v2/publicremote.php b/apps/dav/appinfo/v2/publicremote.php
index 0ef9bda8dda..0381614a328 100644
--- a/apps/dav/appinfo/v2/publicremote.php
+++ b/apps/dav/appinfo/v2/publicremote.php
@@ -96,7 +96,7 @@ preg_match('/(^files\/\w+)/i', substr($requestUri, strlen($baseuri)), $match);
 $baseuri = $baseuri . $match[0];
 $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
- $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
+ $isAjax = in_array('XMLHttpRequest', explode(',', $_SERVER['HTTP_X_REQUESTED_WITH'] ?? ''));
 $federatedShareProvider = \OCP\Server::get(FederatedShareProvider::class);
 if ($federatedShareProvider->isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
 // this is what is thrown when trying to access a non-existing share |
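Review bot: The new `$isAjax` line in both hunks (v1/publicwebdav.php and v2/publicremote.php) splits the header on `,` but never trims the parts, so a combined value such as `foo, XMLHttpRequest` (constructed example; comma plus space is the usual way repeated header values are joined) still fails to match, and `in_array` is called without strict comparison. Suggested form: `$isAjax = in_array('XMLHttpRequest', array_map('trim', explode(',', $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '')), true);`. Because `X-Requested-With` is supplied by the client, `$isAjax` is a hint and not an access-control decision for the `isOutgoingServer2serverShareEnabled()` gate on the following line; a one-line comment saying so would help the next reader, and since the closure body continues outside both hunks the full effect of that gate cannot be confirmed from here. The identical expression in two entry points is also a candidate for one shared helper so the two cannot drift apart.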