author | Johannes Ernst <jernst@indiecomputing.com> | 2016-07-05 18:49:18 +0000 |
---|---|---|
committer | Johannes Ernst <jernst@indiecomputing.com> | 2016-07-05 18:49:18 +0000 |
commit | b1867dc8d1dc0a299c4156e813c9658ff29b2303 (patch) | |
tree | 81bd0ebf212eb16ae5235022f6fd1b5b0e018d77 /lib/private/Security | |
parent | fcf25864d6d18bf5cf55ed18370b334978a86daf (diff) | |
Allow wildcard * to be used in trusted domains, to support setups where no reliable DNS entry is available (e.g. mDNS) or for simple-to-setup aliasing (e.g. *.example.com)
Diffstat (limited to 'lib/private/Security')
-rw-r--r-- | lib/private/Security/TrustedDomainHelper.php | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 75407ae3939..6afefcbbe69 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -84,7 +84,35 @@ class TrustedDomainHelper {
 return true;
 }
- return in_array($domain, $trustedList, true);
- }
+ if(in_array($domain, $trustedList, true)) {
+ return true;
+ }
+ // If a value contains a *, apply glob-style matching. Any second * is ignored.
+ foreach ($trustedList as $trusted) {
+ if($trusted == '*') {
+ return true;
+ }
+ $star = strpos($trusted, '*');
+ if($star === false) {
+ next;
+ }
+ if($star === 0) {
+ if(strrpos($domain, substr($trusted, 1)) !== false) {
+ return true;
+ }
+ } elseif($star === strlen($trusted)-1) {
+ if(strpos($domain, substr($trusted, 0, strlen($trusted)-1 )) !== false) {
+ return true;
+ }
+ } else {
+ if(strpos($domain, substr($trusted, 0, $star)) !== false
+ && strrpos($domain, substr($trusted, $star+1 ), -strlen($trusted-$star-1)) !== false )
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
 }
|
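Review bot: The three wildcard branches test whether the fixed part of the pattern occurs anywhere in `$domain` (`strpos`/`strrpos(...) !== false`) rather than at its start or end, so an entry such as `*.example.com` also accepts a host that merely contains `.example.com`, which defeats the purpose of a trusted-domain list. In the same loop, `next;` is not a loop-control statement in PHP, so entries without a `*` fall through into the final `else` branch instead of being skipped, and `strlen($trusted-$star-1)` does arithmetic on the string where `strlen($trusted)-$star-1` was presumably meant. I would replace the branch logic with a single anchored match built from the pattern, as sketched below, and compare the bare entry with `===`. The enclosing method starts above the hunk, so how `$domain` is normalised (port, case) before this point is not visible here.

```php
foreach ($trustedList as $trusted) {
	// … unchanged: a bare '*' entry returns true …
	if (strpos($trusted, '*') === false) {
		continue;
	}
	// Anchor the pattern at both ends; '*' may only stand in for host-name characters.
	$pieces = array_map(function ($piece) {
		return preg_quote($piece, '/');
	}, explode('*', $trusted));
	if (preg_match('/^' . implode('[-.a-zA-Z0-9]*', $pieces) . '$/D', $domain) === 1) {
		return true;
	}
}
return false;
```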