authorMorris Jobke <hey@morrisjobke.de>2014-12-05 11:27:20 +0100
committerMorris Jobke <hey@morrisjobke.de>2014-12-05 11:27:20 +0100
commit4ec1da3014b1aecd2fa06575a69cd3c053eaba1a (patch)
treeedeebfc2e533cbf433955e056a117e50ad80b2e8 /lib/private
parente81c2a49d10372b2709b20a0ecfdc7835297170f (diff)
parent81541c56b6e489c14287e99cff239a89d9553e49 (diff)
Merge pull request #12583 from owncloud/trim-port
Trim port from domain
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/request.php33
-rw-r--r--lib/private/setup.php2
2 files changed, 25 insertions, 10 deletions
diff --git a/lib/private/request.php b/lib/private/request.php
index d079dc110d1..3c33dfc340a 100644
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -66,23 +66,33 @@ class OC_Request {
}
/**
+ * Strips a potential port from a domain (in format domain:port)
+ * @param $host
+ * @return string $host without appended port
+ */
+ public static function getDomainWithoutPort($host) {
+ $pos = strrpos($host, ':');
+ if ($pos !== false) {
+ $port = substr($host, $pos + 1);
+ if (is_numeric($port)) {
+ $host = substr($host, 0, $pos);
+ }
+ }
+ return $host;
+ }
+
+ /**
* Checks whether a domain is considered as trusted from the list
* of trusted domains. If no trusted domains have been configured, returns
* true.
* This is used to prevent Host Header Poisoning.
- * @param string $domain
+ * @param string $domainWithPort
* @return bool true if the given domain is trusted or if no trusted domains
* have been configured
*/
- public static function isTrustedDomain($domain) {
+ public static function isTrustedDomain($domainWithPort) {
// Extract port from domain if needed
- $pos = strrpos($domain, ':');
- if ($pos !== false) {
- $port = substr($domain, $pos + 1);
- if (is_numeric($port)) {
- $domain = substr($domain, 0, $pos);
- }
- }
+ $domain = self::getDomainWithoutPort($domainWithPort);
// FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8.
$trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array());
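Review bot: In `getDomainWithoutPort`, `is_numeric($port)` is a looser test than "this suffix is a port": it also accepts values such as `1e3`, `-1`, `.5`, or a string with leading whitespace. A Host value carrying such a suffix is therefore cut down to the bare domain before `isTrustedDomain` compares it with the trusted list, while the rest of the request handling may still see the unmodified header. Because this helper now feeds the Host-header-poisoning guard, I would accept digits only, for example `if (ctype_digit($port)) {`. The docblock should also give the parameter a type, `@param string $host`.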
@@ -90,6 +100,11 @@ class OC_Request {
return true;
}
+ // FIXME: Workaround for older instances still with port applied. Remove for ownCloud 9.
+ if(in_array($domainWithPort, $trustedList)) {
+ return true;
+ }
+
// Always allow access from localhost
if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) {
return true;
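Review bot: The new workaround calls `in_array($domainWithPort, $trustedList)` without the strict flag, so the match uses loose comparison. If `trusted_domains` ever holds a non-string entry such as `0` or `true` (hand-edited config, for instance), loose comparison can treat an arbitrary host string as equal to it, and numeric-looking strings can match each other. Since this branch returns `true` from a security check, I would make it `if (in_array($domainWithPort, $trustedList, true)) {`. The rest of `isTrustedDomain` lies outside this hunk, so I cannot tell whether the later comparison against `$domain` has the same issue.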
diff --git a/lib/private/setup.php b/lib/private/setup.php
index 1443de18546..e5eb2bac194 100644
--- a/lib/private/setup.php
+++ b/lib/private/setup.php
@@ -162,7 +162,7 @@ class OC_Setup {
&& is_array($options['trusted_domains'])) {
$trustedDomains = $options['trusted_domains'];
} else {
- $trustedDomains = array(OC_Request::serverHost());
+ $trustedDomains = array(\OC_Request::getDomainWithoutPort(\OC_Request::serverHost()));
}
if (OC_Util::runningOnWindows()) {