diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-02-18 13:06:46 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-18 13:06:46 +0100 |
| commit | 1a41f8f6f9e1e5edf942a6032197190f3dda9879 (patch) | |
| tree | 46dc0866fbdb5fbb8fbf0e3d9eb978ee35e21d6d /lib/base.php | |
| parent | caa6d3e2db27390a4fc591f563ab05bad7cc3c70 (diff) | |
| download | nextcloud-server-1a41f8f6f9e1e5edf942a6032197190f3dda9879.tar.gz nextcloud-server-1a41f8f6f9e1e5edf942a6032197190f3dda9879.zip | |
Check if instance is not yet installed
Due to a security hardening in 8.1 a missing value of empty trusted domains in the config would provoke an error as this was misused by a lot of users.
This caused a problem where the initial installation happened from another domain than 127.0.0.1 as in this case the domain was considered untrusted as no value was defined. However, this special case should not get intercepted.
To test:
- [ ] Installing ownCloud on 127.0.0.1 works
- [ ] Installing ownCloud on another domain / IP works
- [ ] When setting up ownCloud from 127.0.0.1 and accessing it from the domain above the trusted domain error should be shown if not specified in the config
Fixes https://github.com/owncloud/core/issues/14320
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php index cdc662c28d9..93f7a2a9b21 100644 --- a/lib/base.php +++ b/lib/base.php @@ -637,6 +637,7 @@ class OC { // \OC\AppFramework\Http\Request::getOverwriteHost public && self::$server->getConfig()->getSystemValue('overwritehost') === '' && !\OC::$server->getTrustedDomainHelper()->isTrustedDomain($host) + && self::$server->getConfig()->getSystemValue('installed', false) ) { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); |