Ignore port for trusted domains

This lead to a lot of confusion in the past and did not really offer any value. Let's remove the port check therefore. (it's anyways not really a part of the domain)

Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975.

Conflicts:
	lib/private/request.php
This commit is contained in:
Lukas Reschke 2014-11-13 11:15:47 +01:00
parent 230e517f35
commit d0a30b0e55
4 changed files with 23 additions and 13 deletions

View File

@ -71,7 +71,7 @@ $CONFIG = array(
'trusted_domains' =>
array (
'demo.example.org',
'otherdomain.example.org:8080',
'otherdomain.example.org',
),

View File

@ -613,14 +613,8 @@ class OC {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$domain = $_SERVER['SERVER_NAME'];
// Append port to domain in case it is not
if($_SERVER['SERVER_PORT'] !== '80' && $_SERVER['SERVER_PORT'] !== '443') {
$domain .= ':'.$_SERVER['SERVER_PORT'];
}
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $domain);
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
exit();

View File

@ -12,8 +12,7 @@ class OC_Request {
// Android Chrome user agent: https://developers.google.com/chrome/mobile/docs/user-agent
const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#';
const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#';
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/';
const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/';
static protected $reqId;
/**
@ -76,13 +75,26 @@ class OC_Request {
* have been configured
*/
public static function isTrustedDomain($domain) {
$trustedList = \OC_Config::getValue('trusted_domains', array());
// Extract port from domain if needed
$pos = strrpos($domain, ':');
if ($pos !== false) {
$port = substr($domain, $pos + 1);
if (is_numeric($port)) {
$domain = substr($domain, 0, $pos);
}
}
// FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8.
$trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array());
if (empty($trustedList)) {
return true;
}
// Always allow access from localhost
if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) {
return true;
}
return in_array($domain, $trustedList);
}

View File

@ -240,7 +240,7 @@ class Test_Request extends PHPUnit_Framework_TestCase {
}
public function trustedDomainDataProvider() {
$trustedHostTestList = array('host.one.test:8080', 'host.two.test:8080');
$trustedHostTestList = array('host.one.test', 'host.two.test', '[1fff:0:a88:85a3::ac1f]');
return array(
// empty defaults to true
array(null, 'host.one.test:8080', true),
@ -249,8 +249,12 @@ class Test_Request extends PHPUnit_Framework_TestCase {
// trust list when defined
array($trustedHostTestList, 'host.two.test:8080', true),
array($trustedHostTestList, 'host.two.test:9999', false),
array($trustedHostTestList, 'host.two.test:9999', true),
array($trustedHostTestList, 'host.three.test:8080', false),
array($trustedHostTestList, 'host.two.test:8080:aa:222', false),
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true),
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true),
array($trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false),
// trust localhost regardless of trust list
array($trustedHostTestList, 'localhost', true),