Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php16
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index a44db8fd4db..86ee5349828 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -693,6 +693,22 @@ class OC {
exit();
}
+ $host = OC_Request::insecureServerHost();
+ // if the host passed in headers isn't trusted
+ if (!OC::$CLI
+ // overwritehost is always trusted
+ && OC_Request::getOverwriteHost() === null
+ && !OC_Request::isTrustedDomain($host)) {
+
+ header('HTTP/1.1 400 Bad Request');
+ header('Status: 400 Bad Request');
+ OC_Template::printErrorPage(
+ 'You are accessing the server from an untrusted domain.',
+ 'Please contact your administrator'
+ );
+ return;
+ }
+
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') { // we need these files during the upgrade
self::checkMaintenanceMode();
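Review bot: The rejection branch is silent: when `OC_Request::isTrustedDomain($host)` fails, the 400 page is printed but nothing is written to the server log, so an administrator cannot tell a misconfigured trusted-domain list from Host-header probing. Consider adding a warning before the `header()` calls, for example `OC_Log::write('core', 'Request rejected: untrusted Host header', OC_Log::WARN);`. If the host value is included in the message, it should be length-limited and stripped of control characters, because it comes straight from the request. The branch also ends with `return;` while the branch directly above ends with `exit();`. The enclosing method starts and ends outside this hunk, so whether the caller can still emit output after this return cannot be confirmed from here and is worth checking.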