author | Joas Schilling <coding@schilljs.com> | 2020-03-24 14:19:57 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2020-04-14 18:56:06 +0200 |
commit | 5e402f8aaeacf05f956c6a73d7300e7849bc4bae (patch) | |
tree | dd78e7b20ac19ed521ac147ec5236ac14a449130 /apps/dav/lib/CalDAV | |
parent | d7a74d0e35798364fcf62ea6f89d38c0f53184ea (diff) | |
Check all remotes for local access
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/dav/lib/CalDAV')
-rw-r--r-- | apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php | 53 |
1 files changed, 15 insertions, 38 deletions
diff --git a/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php b/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php
index fadf61fd7de..8883a5d353c 100644
--- a/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php
+++ b/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php
@@ -32,6 +32,7 @@ use GuzzleHttp\HandlerStack;
 use GuzzleHttp\Middleware;
 use OCA\DAV\CalDAV\CalDavBackend;
 use OCP\Http\Client\IClientService;
+use OCP\Http\Client\LocalServerException;
 use OCP\IConfig;
 use OCP\ILogger;
 use Psr\Http\Message\RequestInterface;
@@ -215,48 +216,15 @@ class RefreshWebcalService {
 return null;
 }
- if ($allowLocalAccess !== 'yes') {
- $host = strtolower(parse_url($url, PHP_URL_HOST));
- // remove brackets from IPv6 addresses
- if (strpos($host, '[') === 0 && substr($host, -1) === ']') {
- $host = substr($host, 1, -1);
- }
-
- // Disallow localhost and local network
- if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
-
- // Disallow hostname only
- if (substr_count($host, '.') === 0) {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
-
- if ((bool)filter_var($host, FILTER_VALIDATE_IP) && !filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
-
- // Also check for IPv6 IPv4 nesting, because that's not covered by filter_var
- if ((bool)filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && substr_count($host, '.') > 0) {
- $delimiter = strrpos($host, ':'); // Get last colon
- $ipv4Address = substr($host, $delimiter + 1);
-
- if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
- }
- }
-
 try {
 $params = [
 'allow_redirects' => [
 'redirects' => 10
 ],
 'handler' => $handlerStack,
+ 'nextcloud' => [
+ 'allow_local_address' => $allowLocalAccess === 'yes',
+ ]
 ];
 $user = parse_url($subscription['source'], PHP_URL_USER);
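Review bot: The `$params` array in this hunk still carries a caller-supplied `'allow_redirects' => ['redirects' => 10]` and a custom `'handler' => $handlerStack`, so the new `'nextcloud' => ['allow_local_address' => ...]` flag only protects the fetch if the client re-checks the target on every redirect hop and does so even when the caller overrides those two options; neither is visible here. The removed block inspected only the host string of the initial URL (`parse_url($url, PHP_URL_HOST)`), so redirect and resolution coverage is exactly what this change should gain. It deserves a unit test in which an allowed URL answers with a redirect to a loopback or private address and the refresh returns null with `allow_local_address` false. Once that is confirmed, a comment above the option such as `// local-address filtering is enforced by the HTTP client; do not re-add URL string checks here` would record why the inline checks are gone. The enclosing method begins and ends outside the hunk.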
@@ -306,9 +274,18 @@ class RefreshWebcalService {
 }
 return $vCalendar->serialize();
 }
+ } catch (LocalServerException $ex) {
+ $this->logger->logException($ex, [
+ 'message' => "Subscription $subscriptionId was not refreshed because it violates local access rules",
+ 'level' => ILogger::WARN,
+ ]);
+
+ return null;
 } catch (Exception $ex) {
- $this->logger->logException($ex);
- $this->logger->warning("Subscription $subscriptionId could not be refreshed due to a network error");
+ $this->logger->logException($ex, [
+ 'message' => "Subscription $subscriptionId could not be refreshed due to a network error",
+ 'level' => ILogger::WARN,
+ ]);
 return null;
 }
|
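Review bot: Both `logException($ex, [...])` calls in this hunk write the whole exception to the log, and the previous hunk shows that subscription sources may embed credentials (`parse_url($subscription['source'], PHP_URL_USER)`). It is worth confirming that neither `LocalServerException` nor the client's network exceptions carry the userinfo part of the URL in their message or trace; if they can, log a sanitized host instead of the raw exception text. A short comment on the first branch would also help, e.g. `// blocked by the client's local-address check: skip this subscription, not a network failure`. The `try` block and the method begin outside the hunk.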