summaryrefslogtreecommitdiffstats
path: root/apps/dav/lib
diff options
context:
space:
mode:
authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2020-04-15 12:48:49 +0200
committerGitHub <noreply@github.com>2020-04-15 12:48:49 +0200
commit5c0637bc90f9dbef088755b901a4a068dcd5d469 (patch)
treea6113924488a73577eb489da2b6e80a715105ed7 /apps/dav/lib
parent95ad9ab4ac0398c1d06f51ab382fd7b5081cc344 (diff)
parent4e846dda4dd3a7b99d6cea9d70f5dafc9cdbb15f (diff)
downloadnextcloud-server-5c0637bc90f9dbef088755b901a4a068dcd5d469.tar.gz
nextcloud-server-5c0637bc90f9dbef088755b901a4a068dcd5d469.zip
Merge pull request #20138 from nextcloud/bugfix/noid/make-remote-checking-more-generic
Make remote checking more generic
Diffstat (limited to 'apps/dav/lib')
-rw-r--r--apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php53
1 files changed, 15 insertions, 38 deletions
diff --git a/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php b/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php
index fadf61fd7de..8883a5d353c 100644
--- a/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php
+++ b/apps/dav/lib/CalDAV/WebcalCaching/RefreshWebcalService.php
@@ -32,6 +32,7 @@ use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use OCA\DAV\CalDAV\CalDavBackend;
use OCP\Http\Client\IClientService;
+use OCP\Http\Client\LocalServerException;
use OCP\IConfig;
use OCP\ILogger;
use Psr\Http\Message\RequestInterface;
@@ -215,48 +216,15 @@ class RefreshWebcalService {
return null;
}
- if ($allowLocalAccess !== 'yes') {
- $host = strtolower(parse_url($url, PHP_URL_HOST));
- // remove brackets from IPv6 addresses
- if (strpos($host, '[') === 0 && substr($host, -1) === ']') {
- $host = substr($host, 1, -1);
- }
-
- // Disallow localhost and local network
- if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
-
- // Disallow hostname only
- if (substr_count($host, '.') === 0) {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
-
- if ((bool)filter_var($host, FILTER_VALIDATE_IP) && !filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
-
- // Also check for IPv6 IPv4 nesting, because that's not covered by filter_var
- if ((bool)filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && substr_count($host, '.') > 0) {
- $delimiter = strrpos($host, ':'); // Get last colon
- $ipv4Address = substr($host, $delimiter + 1);
-
- if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
- $this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
- return null;
- }
- }
- }
-
try {
$params = [
'allow_redirects' => [
'redirects' => 10
],
'handler' => $handlerStack,
+ 'nextcloud' => [
+ 'allow_local_address' => $allowLocalAccess === 'yes',
+ ]
];
$user = parse_url($subscription['source'], PHP_URL_USER);
@@ -306,9 +274,18 @@ class RefreshWebcalService {
}
return $vCalendar->serialize();
}
+ } catch (LocalServerException $ex) {
+ $this->logger->logException($ex, [
+ 'message' => "Subscription $subscriptionId was not refreshed because it violates local access rules",
+ 'level' => ILogger::WARN,
+ ]);
+
+ return null;
} catch (Exception $ex) {
- $this->logger->logException($ex);
- $this->logger->warning("Subscription $subscriptionId could not be refreshed due to a network error");
+ $this->logger->logException($ex, [
+ 'message' => "Subscription $subscriptionId could not be refreshed due to a network error",
+ 'level' => ILogger::WARN,
+ ]);
return null;
}