diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/request.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/private/request.php b/lib/private/request.php index 794b566ce58..3c33dfc340a 100644 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -86,13 +86,13 @@ class OC_Request { * of trusted domains. If no trusted domains have been configured, returns * true. * This is used to prevent Host Header Poisoning. - * @param string $domain + * @param string $domainWithPort * @return bool true if the given domain is trusted or if no trusted domains * have been configured */ - public static function isTrustedDomain($domain) { + public static function isTrustedDomain($domainWithPort) { // Extract port from domain if needed - $domain = self::getDomainWithoutPort($domain); + $domain = self::getDomainWithoutPort($domainWithPort); // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); @@ -100,6 +100,11 @@ class OC_Request { return true; } + // FIXME: Workaround for older instances still with port applied. Remove for ownCloud 9. + if(in_array($domainWithPort, $trustedList)) { + return true; + } + // Always allow access from localhost if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { return true; |