diff --git a/apps/user_webdavauth/templates/settings.php b/apps/user_webdavauth/templates/settings.php index ec6524ee4f..e199c32675 100755 --- a/apps/user_webdavauth/templates/settings.php +++ b/apps/user_webdavauth/templates/settings.php @@ -1,7 +1,7 @@
t('WebDAV Authentication'));?> -

+


t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.')); ?> diff --git a/apps/user_webdavauth/user_webdavauth.php b/apps/user_webdavauth/user_webdavauth.php index 6417e45434..146034a5d4 100755 --- a/apps/user_webdavauth/user_webdavauth.php +++ b/apps/user_webdavauth/user_webdavauth.php @@ -41,10 +41,16 @@ class OC_USER_WEBDAVAUTH extends OC_User_Backend { } public function checkPassword( $uid, $password ) { - $url= 'http://'.urlencode($uid).':'.urlencode($password).'@'.$this->webdavauth_url; + $arr = explode('://', $this->webdavauth_url, 2); + if( ! isset($arr) OR count($arr) !== 2) { + OC_Log::write('OC_USER_WEBDAVAUTH', 'Invalid Url: "'.$this->webdavauth_url.'" ', 3); + return false; + } + list($webdavauth_protocol, $webdavauth_url_path) = $arr; + $url= $webdavauth_protocol.'://'.urlencode($uid).':'.urlencode($password).'@'.$webdavauth_url_path; $headers = get_headers($url); if($headers==false) { - OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to connect to WebDAV Url: "'.$this->webdavauth_url.'" ', 3); + OC_Log::write('OC_USER_WEBDAVAUTH', 'Not possible to connect to WebDAV Url: "'.$webdavauth_protocol.'://'.$webdavauth_url_path.'" ', 3); return false; }