author | Johannes Ernst <jernst@indiecomputing.com> | 2016-07-06 23:38:30 +0000 |
---|---|---|
committer | Johannes Ernst <jernst@indiecomputing.com> | 2016-07-06 23:38:30 +0000 |
commit | 2b4ceae620261a5433aa12acf5e2b385aef40ab8 (patch) | |
tree | 11660ff500f63788e58573efc0c3f8b5bce9b2fc /lib/private/Security/TrustedDomainHelper.php | |
parent | 3516b58be656f9f8a131ce68c5c1d0dd806f679c (diff) | |
download | nextcloud-server-2b4ceae620261a5433aa12acf5e2b385aef40ab8.tar.gz nextcloud-server-2b4ceae620261a5433aa12acf5e2b385aef40ab8.zip |
Trusted domain wildcard checking made shorter, supporting multiple *
Added test cases
Diffstat (limited to 'lib/private/Security/TrustedDomainHelper.php')
-rw-r--r-- | lib/private/Security/TrustedDomainHelper.php | 40 |
1 files changed, 8 insertions, 32 deletions
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index be4014327b3..44e133746fd 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -70,7 +70,7 @@ class TrustedDomainHelper {
  // Read trusted domains from config
  $trustedList = $this->config->getSystemValue('trusted_domains', []);
- if(!is_array($trustedList)) {
+ if (!is_array($trustedList)) {
  return false;
  }
@@ -79,39 +79,15 @@ class TrustedDomainHelper {
  return true;
  }
- // Compare with port appended
- if(in_array($domainWithPort, $trustedList, true)) {
- return true;
- }
-
- if(in_array($domain, $trustedList, true)) {
- return true;
- }
-
- // If a value contains a *, apply glob-style matching. Any second * is ignored.
- foreach ($trustedList as $trusted) {
- if($trusted === '*') {
+ // match, allowing for * wildcards
+ foreach ($trustedList as $trusted) {
+ if (gettype($trusted) !== 'string') {
+ break;
+ }
+ $regex = '/^' . join('.*', array_map(function($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/';
+ if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
  return true;
  }
- $star = strpos($trusted, '*');
- if($star === false) {
- break;
- }
- if($star === 0) {
- if(strrpos($domain, substr($trusted, 1)) !== false) {
- return true;
- }
- } elseif($star === strlen($trusted)-1) {
- if(strpos($domain, substr($trusted, 0, strlen($trusted)-1 )) !== false) {
- return true;
- }
- } else {
- if(strpos($domain, substr($trusted, 0, $star)) !== false
- && strrpos($domain, substr($trusted, $star+1 ), -strlen($trusted-$star-1)) !== false )
- {
- return true;
- }
- }
  }
  return false;
  }
|
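Review bot: In the added `foreach` of the second hunk, every `*` is turned into `.*`, which matches any character at all, so a wildcard entry accepts far more than a run of hostname characters. In addition, `$` without the `D` modifier still matches before a trailing newline. Narrowing the wildcard and anchoring with `\z` keeps the trusted-domain check tight, e.g. `join('[-\.a-zA-Z0-9]*', ...)` with the pattern ending in `'\z/i'`, where the `i` flag reflects that hostnames are case-insensitive. Separately, `break;` on a non-string entry ends the scan, so every valid entry listed after one malformed config value is silently ignored; `continue;` would skip only the bad entry. The enclosing method begins above the hunk, so how `$domain` and `$domainWithPort` are normalised before this loop is not visible here and should be confirmed.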