aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2014-12-03 21:13:27 +0100
committerLukas Reschke <lukas@owncloud.com>2014-12-03 21:13:27 +0100
commitb3515a98e98e1403a841f435cfcd5058053dd4e1 (patch)
tree3706d65057e3126f35dd9dc25e4596e8e07781d7
parent69f5f6649e05dd404aa67fab95c5bb34e9ce4d1f (diff)
downloadnextcloud-server-b3515a98e98e1403a841f435cfcd5058053dd4e1.tar.gz
nextcloud-server-b3515a98e98e1403a841f435cfcd5058053dd4e1.zip
Add workaround for older instances
To be removed with oCAdd workaround for older instances To be removed with oC99
-rw-r--r--lib/private/request.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/private/request.php b/lib/private/request.php
index 794b566ce58..3c33dfc340a 100644
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -86,13 +86,13 @@ class OC_Request {
* of trusted domains. If no trusted domains have been configured, returns
* true.
* This is used to prevent Host Header Poisoning.
- * @param string $domain
+ * @param string $domainWithPort
* @return bool true if the given domain is trusted or if no trusted domains
* have been configured
*/
- public static function isTrustedDomain($domain) {
+ public static function isTrustedDomain($domainWithPort) {
// Extract port from domain if needed
- $domain = self::getDomainWithoutPort($domain);
+ $domain = self::getDomainWithoutPort($domainWithPort);
// FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8.
$trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array());
@@ -100,6 +100,11 @@ class OC_Request {
return true;
}
+ // FIXME: Workaround for older instances still with port applied. Remove for ownCloud 9.
+ if(in_array($domainWithPort, $trustedList)) {
+ return true;
+ }
+
// Always allow access from localhost
if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) {
return true;