commit
6a08fca363
|
@ -71,7 +71,7 @@ $CONFIG = array(
|
||||||
'trusted_domains' =>
|
'trusted_domains' =>
|
||||||
array (
|
array (
|
||||||
'demo.example.org',
|
'demo.example.org',
|
||||||
'otherdomain.example.org:8080',
|
'otherdomain.example.org',
|
||||||
),
|
),
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -613,14 +613,8 @@ class OC {
|
||||||
header('HTTP/1.1 400 Bad Request');
|
header('HTTP/1.1 400 Bad Request');
|
||||||
header('Status: 400 Bad Request');
|
header('Status: 400 Bad Request');
|
||||||
|
|
||||||
$domain = $_SERVER['SERVER_NAME'];
|
|
||||||
// Append port to domain in case it is not
|
|
||||||
if($_SERVER['SERVER_PORT'] !== '80' && $_SERVER['SERVER_PORT'] !== '443') {
|
|
||||||
$domain .= ':'.$_SERVER['SERVER_PORT'];
|
|
||||||
}
|
|
||||||
|
|
||||||
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
|
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
|
||||||
$tmpl->assign('domain', $domain);
|
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
|
||||||
$tmpl->printPage();
|
$tmpl->printPage();
|
||||||
|
|
||||||
exit();
|
exit();
|
||||||
|
|
|
@ -93,7 +93,8 @@ class Repair extends BasicEmitter {
|
||||||
$steps = array(
|
$steps = array(
|
||||||
new InnoDB(),
|
new InnoDB(),
|
||||||
new Collation(\OC::$server->getConfig(), \OC_DB::getConnection()),
|
new Collation(\OC::$server->getConfig(), \OC_DB::getConnection()),
|
||||||
new SearchLuceneTables()
|
new SearchLuceneTables(),
|
||||||
|
new RepairConfig()
|
||||||
);
|
);
|
||||||
|
|
||||||
//There is no need to delete all previews on every single update
|
//There is no need to delete all previews on every single update
|
||||||
|
|
|
@ -12,8 +12,7 @@ class OC_Request {
|
||||||
// Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent
|
// Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent
|
||||||
const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#';
|
const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#';
|
||||||
const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#';
|
const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#';
|
||||||
|
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/';
|
||||||
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/';
|
|
||||||
static protected $reqId;
|
static protected $reqId;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -76,13 +75,26 @@ class OC_Request {
|
||||||
* have been configured
|
* have been configured
|
||||||
*/
|
*/
|
||||||
public static function isTrustedDomain($domain) {
|
public static function isTrustedDomain($domain) {
|
||||||
$trustedList = \OC_Config::getValue('trusted_domains', array());
|
// Extract port from domain if needed
|
||||||
|
$pos = strrpos($domain, ':');
|
||||||
|
if ($pos !== false) {
|
||||||
|
$port = substr($domain, $pos + 1);
|
||||||
|
if (is_numeric($port)) {
|
||||||
|
$domain = substr($domain, 0, $pos);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8.
|
||||||
|
$trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array());
|
||||||
if (empty($trustedList)) {
|
if (empty($trustedList)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Always allow access from localhost
|
||||||
if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) {
|
if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return in_array($domain, $trustedList);
|
return in_array($domain, $trustedList);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,8 +12,16 @@ use OC\Hooks\BasicEmitter;
|
||||||
use OC\RepairStep;
|
use OC\RepairStep;
|
||||||
use Sabre\DAV\Exception;
|
use Sabre\DAV\Exception;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class RepairConfig
|
||||||
|
*
|
||||||
|
* @package OC\Repair
|
||||||
|
*/
|
||||||
class RepairConfig extends BasicEmitter implements RepairStep {
|
class RepairConfig extends BasicEmitter implements RepairStep {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
public function getName() {
|
public function getName() {
|
||||||
return 'Repair config';
|
return 'Repair config';
|
||||||
}
|
}
|
||||||
|
@ -23,6 +31,7 @@ class RepairConfig extends BasicEmitter implements RepairStep {
|
||||||
*/
|
*/
|
||||||
public function run() {
|
public function run() {
|
||||||
$this->addSecret();
|
$this->addSecret();
|
||||||
|
$this->removePortsFromTrustedDomains();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -34,4 +43,24 @@ class RepairConfig extends BasicEmitter implements RepairStep {
|
||||||
\OC::$server->getConfig()->setSystemValue('secret', $secret);
|
\OC::$server->getConfig()->setSystemValue('secret', $secret);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove ports from existing trusted domains in config.php
|
||||||
|
*/
|
||||||
|
private function removePortsFromTrustedDomains() {
|
||||||
|
$trustedDomains = \OC::$server->getConfig()->getSystemValue('trusted_domains', array());
|
||||||
|
$newTrustedDomains = array();
|
||||||
|
foreach($trustedDomains as $domain) {
|
||||||
|
$pos = strrpos($domain, ':');
|
||||||
|
if ($pos !== false) {
|
||||||
|
$port = substr($domain, $pos + 1);
|
||||||
|
if (is_numeric($port)) {
|
||||||
|
$domain = substr($domain, 0, $pos);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$newTrustedDomains[] = $domain;
|
||||||
|
}
|
||||||
|
\OC::$server->getConfig()->setSystemValue('trusted_domains', $newTrustedDomains);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -240,7 +240,7 @@ class Test_Request extends PHPUnit_Framework_TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function trustedDomainDataProvider() {
|
public function trustedDomainDataProvider() {
|
||||||
$trustedHostTestList = array('host.one.test:8080', 'host.two.test:8080');
|
$trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]');
|
||||||
return array(
|
return array(
|
||||||
// empty defaults to true
|
// empty defaults to true
|
||||||
array(null, 'host.one.test:8080', true),
|
array(null, 'host.one.test:8080', true),
|
||||||
|
@ -249,8 +249,12 @@ class Test_Request extends PHPUnit_Framework_TestCase {
|
||||||
|
|
||||||
// trust list when defined
|
// trust list when defined
|
||||||
array($trustedHostTestList, 'host.two.test:8080', true),
|
array($trustedHostTestList, 'host.two.test:8080', true),
|
||||||
array($trustedHostTestList, 'host.two.test:9999', false),
|
array($trustedHostTestList, 'host.two.test:9999', true),
|
||||||
array($trustedHostTestList, 'host.three.test:8080', false),
|
array($trustedHostTestList, 'host.three.test:8080', false),
|
||||||
|
array($trustedHostTestList, 'host.two.test:8080:aa:222', false),
|
||||||
|
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true),
|
||||||
|
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true),
|
||||||
|
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false),
|
||||||
|
|
||||||
// trust localhost regardless of trust list
|
// trust localhost regardless of trust list
|
||||||
array($trustedHostTestList, 'localhost', true),
|
array($trustedHostTestList, 'localhost', true),
|
||||||
|
|
Loading…
Reference in New Issue