From d0a30b0e55799e8f5348ee558346d6ebf32cedda Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 13 Nov 2014 11:15:47 +0100 Subject: Ignore port for trusted domains This lead to a lot of confusion in the past and did not really offer any value. Let's remove the port check therefore. (it's anyways not really a part of the domain) Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975. Conflicts: lib/private/request.php --- lib/private/request.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'lib/private/request.php') diff --git a/lib/private/request.php b/lib/private/request.php index 1cfa4a150c5..d079dc110d1 100644 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -12,8 +12,7 @@ class OC_Request { // Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#'; const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#'; - - const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/'; + const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/'; static protected $reqId; /** @@ -76,13 +75,26 @@ class OC_Request { * have been configured */ public static function isTrustedDomain($domain) { - $trustedList = \OC_Config::getValue('trusted_domains', array()); + // Extract port from domain if needed + $pos = strrpos($domain, ':'); + if ($pos !== false) { + $port = substr($domain, $pos + 1); + if (is_numeric($port)) { + $domain = substr($domain, 0, $pos); + } + } + + // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. + $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); if (empty($trustedList)) { return true; } + + // Always allow access from localhost if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { return true; } + return in_array($domain, $trustedList); } -- cgit v1.2.3