aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Http
Commit message (Collapse)AuthorAgeFilesLines
* Fix tests for nested v4 in v6Côme Chilliet2022-09-201-14/+6
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Use new dependency to normalize IPsCôme Chilliet2022-09-201-0/+13
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Add missing urldecode and idn_to_utf8 calls to local address checkerCôme Chilliet2022-09-202-2/+2
| | | | | | The call to idn_to_utf8 call is actually to apply normalization Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix typos in lib/private subdirectoryluz paz2022-07-271-1/+1
| | | | | | Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>
* Use Symfony IpUtils to check for local IP rangesCôme Chilliet2022-07-121-3/+7
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Check for local IPs nested in IPv6 as wellCôme Chilliet2022-07-121-1/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Refactor local IP if and set strict to true for in_arrayCôme Chilliet2022-07-121-6/+6
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Improve local IP detectionCôme Chilliet2022-07-121-0/+6
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Improve local domain detectionCôme Chilliet2022-06-231-2/+4
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Migrate from ILogger to LoggerInterface in lib/privateCôme Chilliet2022-03-243-15/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Send images to imaginary docker to generate previewsVincent Petry2022-03-171-1/+2
| | | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu> Co-Authored-by: Vincent Petry <vincent@nextcloud.com>
* Check for !== false instead Lukas Reschke2021-07-121-1/+1
| | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Check if dns_get_record returns non-falseLukas Reschke2021-07-121-1/+1
| | | | | | | `dns_get_record` can return false which results in exceptions such as the ones shown in https://github.com/nextcloud/server/issues/27870. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fixes recursion count incrementationSanpi2021-07-071-1/+1
| | | | Signed-off-by: Sanpi <sanpi@homecomputing.fr>
* Merge pull request #27801 from nextcloud/enh/noid/hardening-dns-pin-middlewarekesselb2021-07-061-13/+28
|\ | | | | Ignore subdomain for soa queries
| * Ignore subdomain for soa queriesDaniel Kesselberg2021-07-051-13/+28
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Fix DnsPinMiddleware resolve pinning bugAaron Ball2021-07-021-5/+12
|/ | | | | | | | | | | | | | | | | | | | | | | | | | Libcurl expects the value of the CURLOPT_RESOLVE configurations to be an array of strings, those strings containing a comma delimited list of resolved IPs for each host:port combination. The original code here does create that array with the host:port:ip combination, but multiple ips for a single host:port result in additional array entries, rather than adding them to the end of the string with a comma. Per the libcurl docs, the `CURLOPT_RESOLVE` array entries should match the syntax `host:port:address[,address]`. This creates a function-scoped associative array which uses `host:port` as the key (which are supposed to be unique and this ensures that), and the value is an array containing IP strings (ipv4 or ipv6). Once the associative array is populated, it is then set to the CURLOPT_RESOLVE array, imploding the ip arrays using a comma delimiter so the array syntax matches the expected by libcurl. Note that this reorders the "foreach ip" and "foreach port" loops. Rather than looping over ips then ports, we now loop over ports then ips, since ports are part of the unique host:port map, and multiple ips can exist therein. Signed-off-by: Aaron Ball <nullspoon@oper.io>
* Update php licensesJohn Molakvoæ (skjnldsv)2021-06-048-13/+7
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* ensure redis returns bool for hasKeyArthur Schiwon2021-04-131-1/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Strictify null checkLukas Reschke2021-04-061-2/+3
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Improve networking checksLukas Reschke2021-04-065-42/+316
| | | | | | Whilst we currently state that SSRF is generally outside of our threat model, this is something where we should invest to improve this. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Type the service registrationChristoph Wurst2021-02-101-2/+5
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use RFC-compliant URL encoding for cookiesMarco Ziech2021-01-241-1/+1
| | | | | | | PHP 7.4.2 changed the way how cookies are decoded, applying RFC-compliant raw URL decoding. This leads to a conflict Nextcloud's own cookie encoding, breaking the remember-me function if the UID contains a space character. Fixes #24438 Signed-off-by: Marco Ziech <marco@ziech.net>
* Fix option in the client code itself as wellRoeland Jago Douma2021-01-121-6/+12
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headersChristoph Wurst2020-12-301-3/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #24702 from nextcloud/enhancement/well-known-handler-apiChristoph Wurst2020-12-181-0/+124
|\ | | | | Add well known handlers API
| * Add well known handlers APIChristoph Wurst2020-12-161-0/+124
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Update all license headers for Nextcloud 21Christoph Wurst2020-12-161-0/+1
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Simple typo in commentsCarlos Ferreira2020-11-201-2/+2
|
* Always return the default path if we canRoeland Jago Douma2020-11-031-4/+0
| | | | | | | | Just check in the certifcate manager. So every part of the system that request the certificatebundle gets the defaullt one (the 99% case) if we can. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update the license headers for Nextcloud 20Christoph Wurst2020-08-241-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* parse_url returns null in case a parameter is not foundJoas Schilling2020-07-291-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Do not read certificate bundle from data dir by defaultMorris Jobke2020-05-251-7/+7
| | | | | | | | | | | Before the resources/config/ca-bundle.crt was only used when the list of custom certificates was empty and the instance was not installed. But it should also be used when the list is empty and the instance is installed. This is inverting the logic to stop if the instance is not installed to use the default bundle. And it also does this when the list is empty. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Allow gzip encoded requests by defaultMorris Jobke2020-05-201-0/+4
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update license headers for 19Christoph Wurst2020-04-293-1/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Check all remotes for local accessJoas Schilling2020-04-142-10/+66
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add visibility to all constantsChristoph Wurst2020-04-101-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-102-2/+1
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-101-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update the license headers for Nextcloud 19Christoph Wurst2020-03-311-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add support for GuzzleHTTP 'no' proxyMohammed Abdellatif2020-02-291-7/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The custom config allows to setup a proxy URI that is passed to GuzzleHTTP client as request options. Guzzle has the option to receive an array of proxies for each URI scheme as well as 'no' key value pair to provide a list of host names that should not be proxied to. Guzzle would automatically populate these options with HTTPS_PROXY and NO_PROXY environment variables. However, when providing a 'proxy' request option, default values will be overriden and it is required to explicitly provide the 'no' value if needed. More info: http://docs.guzzlephp.org/en/stable/request-options.html#proxy This commit will add support for a new config 'proxyexclude', which takes a list of host names to be excluded. It will also provide 'proxy' request option as an array instead of a string to Guzzle, and populate 'http' and 'https' URI schemes with proxy URI, and 'no' with 'proxyexclude' list. Also, if no 'proxy' is configured, it will leave out 'proxy' request option, so it won't override Guzzle default values. Sample config file includes a hint on how to explicitly sync 'proxyexclude' with NO_PROXY, and a note about default values. Signed-off-by: Mohammed Abdellatif <m.latief@gmail.com>
* Update license headersChristoph Wurst2019-12-054-4/+18
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Set a default request timeoutRoeland Jago Douma2019-09-021-0/+1
| | | | | | | | This to avoid endless running processes. A default timeout of 30 seconds should cover the 99% case. If a job need specific longer time it should set that. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Correctly handle emtpy string in proxyuserpwd configScott Shambarger2019-08-111-4/+4
| | | | | | | | | | As documented, the default value for config value proxyuserpwd is ''. However, that value results in the error: "cURL error 5: Unsupported proxy syntax in '@'". This patch handles the values of '' and null (the default in the code) the same for config values proxyuserpwd and proxy. Signed-off-by: Scott Shambarger <devel@shambarger.net>
* Refactor getProxyUriDaniel Kesselberg2019-04-161-9/+6
| | | | | | Get proxyuserpwd only if proxy not empty. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Set User-Agent as header without middlewareDaniel Kesselberg2019-04-162-57/+35
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* HttpClient getHeader can return empty stringRoeland Jago Douma2019-01-081-1/+7
| | | | | | Fixes #11999 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make authenticated cookies laxRoeland Jago Douma2018-09-281-0/+75
| | | | | | | | | | | | | | This protects our cookies a bit more. It makes sure that when a 3rdparty websites embededs a public alendar for example. That all the users see this in anonymous mode there. It adds a small helper function. In the future we can think about protecting other cookies like this as well. But for now this is sufficient to not have the user logged in at all when doing 3rdparty requests. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix HTTP client given options being overriden by default optionsDaniel Calviño Sánchez2018-06-141-6/+6
| | | | | | | | | According to the array_merge documentation, "If the input arrays have the same string keys, then the later value for that key will overwrite the previous one." Thus, the default options must be the first parameter passed to array_merge. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* adjust post body for new guzzleRobin Appelman2018-02-091-0/+4
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 06:19:46 +0000