Merge pull request #7259 from owncloud/overwritehost-always
Add overwritehost config on setup and upgrade
commit
c9ab11a9bd
|
@ -53,6 +53,9 @@ $CONFIG = array(
|
||||||
/* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
|
/* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
|
||||||
"proxyuserpwd" => "",
|
"proxyuserpwd" => "",
|
||||||
|
|
||||||
|
/* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */
|
||||||
|
'trusted_domains' => array('demo.owncloud.org'),
|
||||||
|
|
||||||
/* Theme to use for ownCloud */
|
/* Theme to use for ownCloud */
|
||||||
"theme" => "",
|
"theme" => "",
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,16 @@ class OC_Request {
|
||||||
or ($type !== 'protocol' and OC_Config::getValue('forcessl', false));
|
or ($type !== 'protocol' and OC_Config::getValue('forcessl', false));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Checks whether a domain is considered as trusted. This is used to prevent Host Header Poisoning.
|
||||||
|
* @param string $host
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function isTrustedDomain($domain) {
|
||||||
|
$trustedList = \OC_Config::getValue('trusted_domains', array(''));
|
||||||
|
return in_array($domain, $trustedList);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Returns the server host
|
* @brief Returns the server host
|
||||||
* @returns string the server host
|
* @returns string the server host
|
||||||
|
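Review bot: The docblock on isTrustedDomain names `@param string $host` while the signature declares `$domain`, so the documented parameter does not match the code; change it to `@param string $domain`. The comparison `in_array($domain, $trustedList)` is loose; `in_array($domain, $trustedList, true)` avoids type-juggling equality between a header string and the configured entries. Judging by the serverHost() hunk below, the value passed in comes straight from `HTTP_HOST` or `X-Forwarded-Host`, which may carry a `:port` suffix and arbitrary letter case, so trusted_domains entries presumably have to match that exact form — worth stating in the docblock, e.g. `* Matching is exact: case and any :port suffix must equal the configured entry.`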
@ -43,21 +53,27 @@ class OC_Request {
|
||||||
$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));
|
$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
$host=$_SERVER['HTTP_X_FORWARDED_HOST'];
|
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
else{
|
|
||||||
if (isset($_SERVER['HTTP_HOST'])) {
|
if (isset($_SERVER['HTTP_HOST'])) {
|
||||||
return $_SERVER['HTTP_HOST'];
|
$host = $_SERVER['HTTP_HOST'];
|
||||||
}
|
}
|
||||||
if (isset($_SERVER['SERVER_NAME'])) {
|
if (isset($_SERVER['SERVER_NAME'])) {
|
||||||
return $_SERVER['SERVER_NAME'];
|
$host = $_SERVER['SERVER_NAME'];
|
||||||
}
|
}
|
||||||
return 'localhost';
|
|
||||||
}
|
|
||||||
return $host;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Verify that the host is a trusted domain if the trusted domains
|
||||||
|
// are defined
|
||||||
|
// If no trusted domain is provided the first trusted domain is returned
|
||||||
|
if(self::isTrustedDomain($host) || \OC_Config::getValue('trusted_domains', "") === "") {
|
||||||
|
return $host;
|
||||||
|
} else {
|
||||||
|
$trustedList = \OC_Config::getValue('trusted_domains', array(''));
|
||||||
|
return $trustedList[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Returns the server protocol
|
* @brief Returns the server protocol
|
||||||
|
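Review bot: When `trusted_domains` is configured but empty (`array()`), the untrusted branch reads `$trustedList[0]` on an empty array and serverHost() returns null with a notice, although the docblock promises a string; the `array('')` default on that line never applies because the unset case was already taken by the `=== ""` test two lines earlier. Guard the fallback, e.g. `$trustedList = \OC_Config::getValue('trusted_domains', array()); return !empty($trustedList) ? $trustedList[0] : 'localhost';` — or treat an empty list the same way as an unset one. The two getValue calls also use different defaults (`""` vs `array('')`) for the same key, which makes the "not configured" condition harder to read than it needs to be. serverHost() starts above this hunk, so the branch that assigns `$host` from X-Forwarded-Host is only partly visible here.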
@ -71,14 +87,14 @@ class OC_Request {
|
||||||
}
|
}
|
||||||
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
|
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
|
||||||
$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
|
$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
|
||||||
}else{
|
// Verify that the protocol is always HTTP or HTTPS
|
||||||
if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) {
|
// default to http if an invalid value is provided
|
||||||
$proto = 'https';
|
return $proto === 'https' ? 'https' : 'http';
|
||||||
}else{
|
|
||||||
$proto = 'http';
|
|
||||||
}
|
}
|
||||||
|
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
|
||||||
|
return 'https';
|
||||||
}
|
}
|
||||||
return $proto;
|
return 'http';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
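Review bot: `isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS'])` on the new side is redundant: `!empty()` already yields false for an unset key, so `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {` is equivalent and shorter. Normalising X-Forwarded-Proto to `'https'`/`'http'` instead of returning the header value unchanged is the right fix; the two comments above the return could be merged into one line that states the rule, e.g. `// Only 'https' is honoured from the forwarded header; anything else means http`. serverProtocol() begins above this hunk, so the conditions that lead into the X-Forwarded-Proto branch are not visible here.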
@ -65,6 +65,7 @@ class OC_Setup {
|
||||||
OC_Config::setValue('passwordsalt', $salt);
|
OC_Config::setValue('passwordsalt', $salt);
|
||||||
|
|
||||||
//write the config file
|
//write the config file
|
||||||
|
OC_Config::setValue('trusted_domains', array(OC_Request::serverHost()));
|
||||||
OC_Config::setValue('datadirectory', $datadir);
|
OC_Config::setValue('datadirectory', $datadir);
|
||||||
OC_Config::setValue('dbtype', $dbtype);
|
OC_Config::setValue('dbtype', $dbtype);
|
||||||
OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
|
OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
|
||||||
|
|
|
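Review bot: `OC_Config::setValue('trusted_domains', array(OC_Request::serverHost()))` persists whatever host the installer request arrived on, and on a fresh install trusted_domains is not yet written when serverHost() runs, so the new check in serverHost() has nothing to validate against and the header is taken as-is (including X-Forwarded-Host when present, judging by the serverHost() hunk above). That is a trust-on-first-use decision and deserves a comment at the call site, e.g. `// The host the installer was reached through becomes the first trusted domain; admins extend the list in config.php`. The enclosing method starts and ends outside the hunk.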
@ -102,6 +102,20 @@ class Updater extends BasicEmitter {
|
||||||
$this->log->debug('starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, array('app' => 'core'));
|
$this->log->debug('starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, array('app' => 'core'));
|
||||||
}
|
}
|
||||||
$this->emit('\OC\Updater', 'maintenanceStart');
|
$this->emit('\OC\Updater', 'maintenanceStart');
|
||||||
|
|
||||||
|
/*
|
||||||
|
* START CONFIG CHANGES FOR OLDER VERSIONS
|
||||||
|
*/
|
||||||
|
if (version_compare($currentVersion, '6.90.1', '<')) {
|
||||||
|
// Add the overwriteHost config if it is not existant
|
||||||
|
// This is added to prevent host header poisoning
|
||||||
|
\OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* STOP CONFIG CHANGES FOR OLDER VERSIONS
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
|
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
|
||||||
$this->emit('\OC\Updater', 'dbUpgrade');
|
$this->emit('\OC\Updater', 'dbUpgrade');
|
||||||
|
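Review bot: The comment `// Add the overwriteHost config if it is not existant` names the wrong key: the line below writes `trusted_domains`, not overwritehost, so it should read `// Add the trusted_domains config if it does not exist yet`. The setValue call also runs when the key already exists, rewriting the same value; wrapping it in `if (\OC_Config::getValue('trusted_domains', null) === null) {` makes the intent explicit and avoids the redundant config write. The persisted value is whatever serverHost() returns in the context the upgrade runs in (a browser request vs. the command line), which the comment should spell out so admins know to review the entry after upgrading. The enclosing upgrade method starts and ends outside the hunk.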
@ -162,3 +176,4 @@ class Updater extends BasicEmitter {
|
||||||
$this->emit('\OC\Updater', 'filecacheDone');
|
$this->emit('\OC\Updater', 'filecacheDone');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|