diff options
Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php index a44db8fd4db..86ee5349828 100644 --- a/lib/base.php +++ b/lib/base.php @@ -693,6 +693,22 @@ class OC { exit(); } + $host = OC_Request::insecureServerHost(); + // if the host passed in headers isn't trusted + if (!OC::$CLI + // overwritehost is always trusted + && OC_Request::getOverwriteHost() === null + && !OC_Request::isTrustedDomain($host)) { + + header('HTTP/1.1 400 Bad Request'); + header('Status: 400 Bad Request'); + OC_Template::printErrorPage( + 'You are accessing the server from an untrusted domain.', + 'Please contact your administrator' + ); + return; + } + $request = OC_Request::getPathInfo(); if (substr($request, -3) !== '.js') { // we need these files during the upgrade self::checkMaintenanceMode(); |