Merge pull request #7259 from owncloud/overwritehost-always

Add overwritehost config on setup and upgrade
This commit is contained in:
Lukas Reschke 2014-02-22 07:35:56 +01:00
commit c9ab11a9bd
4 changed files with 50 additions and 15 deletions

View File

@ -53,6 +53,9 @@ $CONFIG = array(
/* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */ /* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
"proxyuserpwd" => "", "proxyuserpwd" => "",
/* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */
'trusted_domains' => array('demo.owncloud.org'),
/* Theme to use for ownCloud */ /* Theme to use for ownCloud */
"theme" => "", "theme" => "",

View File

@ -24,6 +24,16 @@ class OC_Request {
or ($type !== 'protocol' and OC_Config::getValue('forcessl', false)); or ($type !== 'protocol' and OC_Config::getValue('forcessl', false));
} }
/**
* @brief Checks whether a domain is considered as trusted. This is used to prevent Host Header Poisoning.
* @param string $host
* @return bool
*/
public static function isTrustedDomain($domain) {
$trustedList = \OC_Config::getValue('trusted_domains', array(''));
return in_array($domain, $trustedList);
}
/** /**
* @brief Returns the server host * @brief Returns the server host
* @returns string the server host * @returns string the server host
@ -43,21 +53,27 @@ class OC_Request {
$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST']))); $host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));
} }
else{ else{
$host=$_SERVER['HTTP_X_FORWARDED_HOST']; $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
} }
} } else {
else{
if (isset($_SERVER['HTTP_HOST'])) { if (isset($_SERVER['HTTP_HOST'])) {
return $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'];
} }
if (isset($_SERVER['SERVER_NAME'])) { if (isset($_SERVER['SERVER_NAME'])) {
return $_SERVER['SERVER_NAME']; $host = $_SERVER['SERVER_NAME'];
} }
return 'localhost';
}
return $host;
} }
// Verify that the host is a trusted domain if the trusted domains
// are defined
// If no trusted domain is provided the first trusted domain is returned
if(self::isTrustedDomain($host) || \OC_Config::getValue('trusted_domains', "") === "") {
return $host;
} else {
$trustedList = \OC_Config::getValue('trusted_domains', array(''));
return $trustedList[0];
}
}
/** /**
* @brief Returns the server protocol * @brief Returns the server protocol
@ -71,14 +87,14 @@ class OC_Request {
} }
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']); $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
}else{ // Verify that the protocol is always HTTP or HTTPS
if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) { // default to http if an invalid value is provided
$proto = 'https'; return $proto === 'https' ? 'https' : 'http';
}else{
$proto = 'http';
} }
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
return 'https';
} }
return $proto; return 'http';
} }
/** /**

View File

@ -65,6 +65,7 @@ class OC_Setup {
OC_Config::setValue('passwordsalt', $salt); OC_Config::setValue('passwordsalt', $salt);
//write the config file //write the config file
OC_Config::setValue('trusted_domains', array(OC_Request::serverHost()));
OC_Config::setValue('datadirectory', $datadir); OC_Config::setValue('datadirectory', $datadir);
OC_Config::setValue('dbtype', $dbtype); OC_Config::setValue('dbtype', $dbtype);
OC_Config::setValue('version', implode('.', OC_Util::getVersion())); OC_Config::setValue('version', implode('.', OC_Util::getVersion()));

View File

@ -102,6 +102,20 @@ class Updater extends BasicEmitter {
$this->log->debug('starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, array('app' => 'core')); $this->log->debug('starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, array('app' => 'core'));
} }
$this->emit('\OC\Updater', 'maintenanceStart'); $this->emit('\OC\Updater', 'maintenanceStart');
/*
* START CONFIG CHANGES FOR OLDER VERSIONS
*/
if (version_compare($currentVersion, '6.90.1', '<')) {
// Add the overwriteHost config if it is not existant
// This is added to prevent host header poisoning
\OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
}
/*
* STOP CONFIG CHANGES FOR OLDER VERSIONS
*/
try { try {
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml'); \OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
$this->emit('\OC\Updater', 'dbUpgrade'); $this->emit('\OC\Updater', 'dbUpgrade');
@ -162,3 +176,4 @@ class Updater extends BasicEmitter {
$this->emit('\OC\Updater', 'filecacheDone'); $this->emit('\OC\Updater', 'filecacheDone');
} }
} }