Ignore port for trusted domains

This lead to a lot of confusion in the past and did not really offer any value. Let's remove the port check therefore. (it's anyways not really a part of the domain)

Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975.

1 files changed, 15 insertions, 2 deletions

diff --git a/lib/private/request.php b/lib/private/request.php
index 221a21a258f..b9b23776088 100644
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -13,7 +13,7 @@ class OC_Request {
 	const USER_AGENT_ANDROID_MOBILE_CHROME = '#Android.*Chrome/[.0-9]*#';
 	const USER_AGENT_FREEBOX = '#^Mozilla/5\.0$#';
 
-	const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/';
+	const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)$/';
 
 	/**
 	 * Check overwrite condition
@@ -36,13 +36,26 @@ class OC_Request {
 	 * have been configured
 	 */
 	public static function isTrustedDomain($domain) {
-		$trustedList = \OC_Config::getValue('trusted_domains', array());
+		// Extract port from domain if needed
+		$pos = strrpos($domain, ':');
+		if ($pos !== false) {
+			$port = substr($domain, $pos + 1);
+			if (is_numeric($port)) {
+				$domain = substr($domain, 0, $pos);
+			}
+		}
+
+		// FIXME: Empty config array defaults to true for now. - Deprecate this behaviour with ownCloud 8.
+		$trustedList = \OC::$server->getConfig()->getSystemValue('trusted_domains', array());
 		if (empty($trustedList)) {
 			return true;
 		}
+
+		// Always allow access from localhost
 		if (preg_match(self::REGEX_LOCALHOST, $domain) === 1) {
 			return true;
 		}
+
 		return in_array($domain, $trustedList);
 	}