author | Lukas Reschke <lukas@owncloud.com> | 2014-11-13 11:15:47 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-11-18 12:36:03 +0100 |
commit | d0a30b0e55799e8f5348ee558346d6ebf32cedda (patch) | |
tree | a5e9d1f4980f66b7e8923f08a870b663c921f5aa /lib | |
parent | 230e517f3506624091d19194ce17d43c3f105c88 (diff) | |
Ignore port for trusted domains
This led to a lot of confusion in the past and did not really offer any value, so let's remove the port check. (The port is not really part of the domain anyway.)
Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975.
Conflicts:
lib/private/request.php
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 8 | ||||
-rw-r--r-- | lib/private/request.php | 18 |
2 files changed, 16 insertions, 10 deletions
diff --git a/lib/base.php b/lib/base.php index d365a4a306f..c97c158a1fb 100644 --- a/lib/base.php +++ b/lib/base.php @@ -613,14 +613,8 @@ class OC { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); - $domain = $_SERVER['SERVER_NAME']; - // Append port to domain in case it is not - if($_SERVER['SERVER_PORT'] !== '80' && $_SERVER['SERVER_PORT'] !== '443') { - $domain .= ':'.$_SERVER['SERVER_PORT']; - } - $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); - $tmpl->assign('domain', $domain); + $tmpl->assign('domain', $_SERVER['SERVER_NAME']); $tmpl->printPage(); exit(); diff --git a/lib/private/request.php b/lib/private/request.php index 1cfa4a150c5..d079dc110d1 100644 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -12,8 +12,7 @@ class OC_Request { // Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#'; const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#'; - - const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/'; + const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/'; static protected $reqId; /** @@ -76,13 +75,26 @@ class OC_Request { * have been configured */ public static function isTrustedDomain($domain) { - $trustedList = \OC_Config::getValue('trusted_domains', array()); + // Extract port from domain if needed + $pos = strrpos($domain, ':'); + if ($pos !== false) { + $port = substr($domain, $pos + 1); + if (is_numeric($port)) { + $domain = substr($domain, 0, $pos); + } + } + + // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. + $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); if (empty($trustedList)) { return true; } + + // Always allow access from localhost if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { return true; } + return in_array($domain, $trustedList); } |
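Review bot: The untrusted-domain page now prints `$_SERVER['SERVER_NAME']`, which need not be the host string that failed the trust check; the check itself sits above this hunk, so which value it tests is inferred. If the check runs on the request's Host header, the administrator is shown a name that may differ from the one that has to be added to `trusted_domains`. Depending on web-server configuration `SERVER_NAME` can also be taken from the request, so the template has to escape it; a comment such as `// request-derived value: must be HTML-escaped by the untrustedDomain template` on the `assign` line would record that.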
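Review bot: `REGEX_LOCALHOST` no longer accepts a `:port` suffix, so it now silently depends on every caller stripping the port before matching. `isTrustedDomain` does that in this commit, but other uses of the constant are not visible here. I would state the precondition on the constant itself, e.g. `// Expects a host name without port; strip the port before matching.`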
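Review bot: Only `$domain` has its port stripped before `in_array`, so a `trusted_domains` entry that was configured with a port (for example `host:8443`, a constructed value) can never match again and that host is rejected after the upgrade. Either normalise the list entries the same way or document that entries must be given without a port. The final comparison is also loose; `return in_array($domain, $trustedList, true);` avoids PHP's type juggling if a non-string value ever ends up in the list. The new comment `// Always allow access from localhost` overstates the check, which matches the host name passed in rather than the client address, so `// A requested host of localhost or 127.0.0.1 is always accepted (not a check of the client address)` would be more accurate.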