diff options
| -rw-r--r-- | lib/base.php | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/lib/base.php b/lib/base.php index 18331dd86aa..fb445124011 100644 --- a/lib/base.php +++ b/lib/base.php @@ -583,6 +583,21 @@ class OC { ); return; } + + $host = OC_Request::insecureServerHost(); + // if the host passed in headers isn't trusted + if (!OC::$CLI + // overwritehost is always trusted + && OC_Request::getOverwriteHost() === null + && !OC_Request::isTrustedDomain($host) + ) { + header('HTTP/1.1 400 Bad Request'); + header('Status: 400 Bad Request'); + $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); + $tmpl->assign('domain', $_SERVER['SERVER_NAME']); + $tmpl->printPage(); + return; + } } private static function registerLocalAddressBook() { @@ -683,21 +698,6 @@ class OC { exit(); } - $host = OC_Request::insecureServerHost(); - // if the host passed in headers isn't trusted - if (!OC::$CLI - // overwritehost is always trusted - && OC_Request::getOverwriteHost() === null - && !OC_Request::isTrustedDomain($host) - ) { - header('HTTP/1.1 400 Bad Request'); - header('Status: 400 Bad Request'); - $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); - $tmpl->assign('domain', $_SERVER['SERVER_NAME']); - $tmpl->printPage(); - return; - } - $request = OC_Request::getPathInfo(); if (substr($request, -3) !== '.js') { // we need these files during the upgrade self::checkMaintenanceMode(); |