diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-12-03 23:13:27 +0300 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-12-05 13:29:00 +0300 |
| commit | 0b80c5e18e2dfbc492b380459a9b9dac4d2132c8 (patch) | |
| tree | c17ed391dd42659eb6c4e39de29e2e57f485b6b6 /lib/private/request.php | |
| parent | be26cccd8aa5a6e2eb97fb6d94bd20bda1e2e135 (diff) | |
Add workaround for older instances
To be removed with oCAdd workaround for older instances
To be removed with oC99
Diffstat (limited to 'lib/private/request.php')
| -rw-r--r-- | lib/private/request.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/private/request.php b/lib/private/request.php index 263a7e8d6ee..70f458c1f8f 100644 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -47,13 +47,13 @@ class OC_Request { * of trusted domains. If no trusted domains have been configured, returns * true. * This is used to prevent Host Header Poisoning. - * @param string $domain + * @param string $domainWithPort * @return bool true if the given domain is trusted or if no trusted domains * have been configured */ - public static function isTrustedDomain($domain) { + public static function isTrustedDomain($domainWithPort) { // Extract port from domain if needed - $domain = self::getDomainWithoutPort($domain); + $domain = self::getDomainWithoutPort($domainWithPort); // FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8. $trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array()); @@ -61,6 +61,11 @@ class OC_Request { return true; } + // FIXME: Workaround for older instances still with port applied. Remove for ownCloud 9. + if(in_array($domainWithPort, $trustedList)) { + return true; + } + // Always allow access from localhost if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) { return true; |