From c42f5bc5f666290b99a1662b9048d3163bee0be9 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 26 Oct 2021 13:26:46 +0200
Subject: Add an OCP for trusted domain helper

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Security/TrustedDomainHelper.php | 32 +++++++++++++++++-----------
 1 file changed, 19 insertions(+), 13 deletions(-)

(limited to 'lib/private/Security')

diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index 49f4194d77f..175e4cbd356 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -31,13 +31,9 @@ namespace OC\Security;
 
 use OC\AppFramework\Http\Request;
 use OCP\IConfig;
+use OCP\Security\ITrustedDomainHelper;
 
-/**
- * Class TrustedDomain
- *
- * @package OC\Security
- */
-class TrustedDomainHelper {
+class TrustedDomainHelper implements ITrustedDomainHelper {
 	/** @var IConfig */
 	private $config;
 
@@ -65,13 +61,23 @@ class TrustedDomainHelper {
 	}
 
 	/**
-	 * Checks whether a domain is considered as trusted from the list
-	 * of trusted domains. If no trusted domains have been configured, returns
-	 * true.
-	 * This is used to prevent Host Header Poisoning.
-	 * @param string $domainWithPort
-	 * @return bool true if the given domain is trusted or if no trusted domains
-	 * have been configured
+	 * {@inheritDoc}
+	 */
+	public function isTrustedUrl(string $url): bool {
+		$parsedUrl = parse_url($url);
+		if (empty($parsedUrl['host'])) {
+			return false;
+		}
+
+		if (isset($parsedUrl['port']) && $parsedUrl['port']) {
+			return $this->isTrustedDomain($parsedUrl['host'] . ':' . $parsedUrl['port']);
+		}
+
+		return $this->isTrustedDomain($parsedUrl['host']);
+	}
+
+	/**
+	 * {@inheritDoc}
 	 */
 	public function isTrustedDomain(string $domainWithPort): bool {
 		// overwritehost is always trusted
-- 
cgit v1.2.3