Improve local domain detection

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2022-06-23 11:45:16 +0200
committer: Côme Chilliet <come.chilliet@nextcloud.com> 2022-06-23 11:45:16 +0200
commit: d23c7d245ca3f776e8125c23d2150a3b07db6f8a (patch)
tree: 8dabd0153c46a96e92e6570db5deac506c1da44c /lib
parent: eb677bf048a2fd821d3397ccf33aa2b566026d7b (diff)
download: nextcloud-server-d23c7d245ca3f776e8125c23d2150a3b07db6f8a.tar.gz
nextcloud-server-d23c7d245ca3f776e8125c23d2150a3b07db6f8a.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index 2789b1b5935..c69d1007a16 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -66,8 +66,10 @@ class LocalAddressChecker {
 			$host = substr($host, 1, -1);
 		}
 
-		// Disallow localhost and local network
-		if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
+		// Disallow local network top-level domains from RFC 6762
+		$localTopLevelDomains = ['local','localhost','intranet','internal','private','corp','home','lan'];
+		$topLevelDomain = substr((strrchr($host, '.') ?: ''), 1);
+		if (in_array($topLevelDomain, $localTopLevelDomains)) {
 			$this->logger->warning("Host $host was not connected to because it violates local access rules");
 			throw new LocalServerException('Host violates local access rules');
 		}
author	Côme Chilliet <come.chilliet@nextcloud.com>	2022-06-23 11:45:16 +0200
committer	Côme Chilliet <come.chilliet@nextcloud.com>	2022-06-23 11:45:16 +0200
commit	d23c7d245ca3f776e8125c23d2150a3b07db6f8a (patch)
tree	8dabd0153c46a96e92e6570db5deac506c1da44c /lib
parent	eb677bf048a2fd821d3397ccf33aa2b566026d7b (diff)
download	nextcloud-server-d23c7d245ca3f776e8125c23d2150a3b07db6f8a.tar.gz nextcloud-server-d23c7d245ca3f776e8125c23d2150a3b07db6f8a.zip