mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #10889 from owncloud/moveTrustedDomainCheck 

Move trusted domain check to init()
This commit is contained in:
Lukas Reschke 2014-09-05 17:39:37 +02:00
parent d15c3e4030 c9afa60f62
commit f5951b2254
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/base.php
View File

@ -583,6 +583,21 @@ class OC {
);
return;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI
// overwritehost is always trusted
&& OC_Request::getOverwriteHost() === null
&& !OC_Request::isTrustedDomain($host)
) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
return;
}
}
private static function registerLocalAddressBook() {
@ -683,21 +698,6 @@ class OC {
exit();
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI
// overwritehost is always trusted
&& OC_Request::getOverwriteHost() === null
&& !OC_Request::isTrustedDomain($host)
) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
return;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') { // we need these files during the upgrade
self::checkMaintenanceMode();