diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-09-11 19:21:56 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-09-22 20:02:32 +0200 |
| commit | 6eeb905871fc7a671f99fd22c2592358a6abc02d (patch) | |
| tree | 391889ddb92d83a766a109cd7fc6bd58a4805691 /lib/public | |
| parent | 70937dabcdf60a047000347523bfee7a53e673e6 (diff) | |
| download | nextcloud-server-6eeb905871fc7a671f99fd22c2592358a6abc02d.tar.gz nextcloud-server-6eeb905871fc7a671f99fd22c2592358a6abc02d.zip | |
Do only follow HTTP and HTTPS redirects
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)
Get final redirect manually using get_headers()
Migrate to HTTPHelper class and add unit tests
Diffstat (limited to 'lib/public')
| -rw-r--r-- | lib/public/iservercontainer.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/public/iservercontainer.php b/lib/public/iservercontainer.php index 1abf0d9938d..a093ff3a640 100644 --- a/lib/public/iservercontainer.php +++ b/lib/public/iservercontainer.php @@ -242,4 +242,10 @@ interface IServerContainer { * @return \OCP\IEventSource */ function createEventSource(); + + /** + * Returns an instance of the HTTP helper class + * @return \OC\HTTPHelper + */ + function getHTTPHelper(); } |