summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2014-09-05 14:10:35 +0200
committerLukas Reschke <lukas@owncloud.com>2014-09-05 14:10:35 +0200
commitc9afa60f6281dbaa2c5b0624ec818fc944c921e0 (patch)
tree84bb4668b807f481c23f2e2dabaffbb46219d87c /lib
parent5913a694de0e98e918d9d08340ac88c9f1eab937 (diff)
downloadnextcloud-server-c9afa60f6281dbaa2c5b0624ec818fc944c921e0.tar.gz
nextcloud-server-c9afa60f6281dbaa2c5b0624ec818fc944c921e0.zip
Move trusted domain check to init()
handleRequest() is not called from remote.php or public.php which made these files party available but all included apps in there produced errors. As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init() Fixes https://github.com/owncloud/core/issues/10064
Diffstat (limited to 'lib')
-rw-r--r--lib/base.php30
1 files changed, 15 insertions, 15 deletions
diff --git a/lib/base.php b/lib/base.php
index 18331dd86aa..fb445124011 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -583,6 +583,21 @@ class OC {
);
return;
}
+
+ $host = OC_Request::insecureServerHost();
+ // if the host passed in headers isn't trusted
+ if (!OC::$CLI
+ // overwritehost is always trusted
+ && OC_Request::getOverwriteHost() === null
+ && !OC_Request::isTrustedDomain($host)
+ ) {
+ header('HTTP/1.1 400 Bad Request');
+ header('Status: 400 Bad Request');
+ $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
+ $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
+ $tmpl->printPage();
+ return;
+ }
}
private static function registerLocalAddressBook() {
@@ -683,21 +698,6 @@ class OC {
exit();
}
- $host = OC_Request::insecureServerHost();
- // if the host passed in headers isn't trusted
- if (!OC::$CLI
- // overwritehost is always trusted
- && OC_Request::getOverwriteHost() === null
- && !OC_Request::isTrustedDomain($host)
- ) {
- header('HTTP/1.1 400 Bad Request');
- header('Status: 400 Bad Request');
- $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
- $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
- $tmpl->printPage();
- return;
- }
-
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') { // we need these files during the upgrade
self::checkMaintenanceMode();