diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-12-03 21:13:27 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-12-03 21:13:27 +0100 |
| commit | b3515a98e98e1403a841f435cfcd5058053dd4e1 (patch) | |
| tree | 3706d65057e3126f35dd9dc25e4596e8e07781d7 /lib | |
| parent | 69f5f6649e05dd404aa67fab95c5bb34e9ce4d1f (diff) | |
| download | nextcloud-server-b3515a98e98e1403a841f435cfcd5058053dd4e1.tar.gz nextcloud-server-b3515a98e98e1403a841f435cfcd5058053dd4e1.zip | |
Add workaround for older instances
To be removed with oCAdd workaround for older instances
To be removed with oC99
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/request.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/private/request.php b/lib/private/request.php index 794b566ce58..3c33dfc340a 100644 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -86,13 +86,13 @@ class OC_Request { * of trusted domains. If no trusted domains have been configured, returns * true. * This is used to prevent Host Header Poisoning. - * @param string $domain + * @param string $domainWithPort * @return bool true if the given domain is trusted or if no trusted domains * have been configured */ - public static function isTrustedDomain($domain) { + public static function isTrustedDomain($domainWithPort) { // Extract port from domain if needed - $domain = self::getDomainWithoutPort($domain); + $domain = self::getDomainWithoutPort($domainWithPort); // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); @@ -100,6 +100,11 @@ class OC_Request { return true; } + // FIXME: Workaround for older instances still with port applied. Remove for ownCloud 9. + if(in_array($domainWithPort, $trustedList)) { + return true; + } + // Always allow access from localhost if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { return true; |