author | Vincent Petry <pvince81@owncloud.com> | 2014-03-07 10:37:16 +0100 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2014-03-07 10:37:16 +0100 |
commit | ba3f5fe53ad6ed9d056af15d578df3cd66f03ef0 (patch) | |
tree | d27979334af587749823eefb75bd4e43ec3f50db /lib/base.php | |
parent | 536c33895f3e721492e30b19e02e4f1889207d34 (diff) | |
parent | 9136e6ad3028040b91685fc94e8fccd29c9b9210 (diff) | |
Merge pull request #7583 from owncloud/trusteddomainerrorpage
[master] Show warning page when accessing server from an untrusted domain
Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index a44db8fd4db..86ee5349828 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -693,6 +693,22 @@ class OC {
 exit();
 }
+ $host = OC_Request::insecureServerHost();
+ // if the host passed in headers isn't trusted
+ if (!OC::$CLI
+ // overwritehost is always trusted
+ && OC_Request::getOverwriteHost() === null
+ && !OC_Request::isTrustedDomain($host)) {
+
+ header('HTTP/1.1 400 Bad Request');
+ header('Status: 400 Bad Request');
+ OC_Template::printErrorPage(
+ 'You are accessing the server from an untrusted domain.',
+ 'Please contact your administrator'
+ );
+ return;
+ }
+
 $request = OC_Request::getPathInfo();
 if (substr($request, -3) !== '.js') { // we need these files during the upgrade
 self::checkMaintenanceMode(); |
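Review bot: The new untrusted-host branch answers with a 400 but records nothing, so neither a misconfigured trusted-domain list nor requests carrying a forged Host header leave a trace on the server. One line ahead of the `header()` calls would cover it, e.g. `OC_Log::write('core', 'Request rejected, untrusted host: ' . $host, OC_Log::WARN);`. Because `$host` comes straight from the client, it should be length-limited and stripped of control characters before it reaches the log. The branch also ends with `return` while the block just above it ends with `exit()`. The enclosing method starts and ends outside this hunk, so whether anything still runs after that return is not visible here and is worth confirming.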