[Pkg-owncloud-commits] [owncloud] 49/66: Revert "Backport #7259 to stable5"
David Prévot
taffit at moszumanska.debian.org
Fri Apr 18 22:49:47 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v5.0.15
in repository owncloud.
commit 3d72340adba0a86e38736f0b0915f4378aba3d1c
Author: Lukas Reschke <lukas at statuscode.ch>
Date: Sat Feb 22 08:18:10 2014 +0100
Revert "Backport #7259 to stable5"
This reverts commit 7bc69c7ea5ca73883ed1b8869929789bf7e85cd7.
---
config/config.sample.php | 3 ---
lib/request.php | 46 +++++++++++++++-------------------------------
lib/setup.php | 1 -
lib/updater.php | 15 +--------------
4 files changed, 16 insertions(+), 49 deletions(-)
diff --git a/config/config.sample.php b/config/config.sample.php
index 77987a5..092480d 100755
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -53,9 +53,6 @@ $CONFIG = array(
/* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
"proxyuserpwd" => "",
-/* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */
-'trusted_domains' => array('demo.owncloud.org'),
-
/* Theme to use for ownCloud */
"theme" => "",
diff --git a/lib/request.php b/lib/request.php
index 2a7101e..d0b2fea 100755
--- a/lib/request.php
+++ b/lib/request.php
@@ -18,16 +18,6 @@ class OC_Request {
}
/**
- * @brief Checks whether a domain is considered as trusted. This is used to prevent Host Header Poisoning.
- * @param string $host
- * @return bool
- */
- public static function isTrustedDomain($domain) {
- $trustedList = \OC_Config::getValue('trusted_domains', array(''));
- return in_array($domain, $trustedList);
- }
-
- /**
* @brief Returns the server host
* @returns string the server host
*
@@ -46,28 +36,22 @@ class OC_Request {
$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));
}
else{
- $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+ $host=$_SERVER['HTTP_X_FORWARDED_HOST'];
}
- } else {
+ }
+ else{
if (isset($_SERVER['HTTP_HOST'])) {
- $host = $_SERVER['HTTP_HOST'];
+ return $_SERVER['HTTP_HOST'];
}
if (isset($_SERVER['SERVER_NAME'])) {
- $host = $_SERVER['SERVER_NAME'];
+ return $_SERVER['SERVER_NAME'];
}
+ return 'localhost';
}
-
- // Verify that the host is a trusted domain if the trusted domains
- // are defined
- // If no trusted domain is provided the first trusted domain is returned
- if(self::isTrustedDomain($host) || \OC_Config::getValue('trusted_domains', "") === "") {
- return $host;
- } else {
- $trustedList = \OC_Config::getValue('trusted_domains', array(''));
- return $trustedList[0];
- }
+ return $host;
}
+
/**
* @brief Returns the server protocol
* @returns string the server protocol
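Review bot: The `else` branch now returns `$_SERVER['HTTP_HOST']` and `$_SERVER['SERVER_NAME']` directly, and the forwarded branch falls through to `return $host;`, so every path returns a request-supplied value with no allowlist check. If serverHost() is used to build absolute URLs, a client-chosen Host header would end up in them; this is inferred, since the callers are not visible here. The early returns also mean a check added later before `return $host;` would cover only the X-Forwarded-Host path, so I would assign to `$host` in each branch and keep a single exit. At minimum the docblock should say `* Note: the value is taken from request headers and is not validated.` The function begins above this hunk, so the condition guarding the X-Forwarded-Host branch is not visible.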
@@ -80,14 +64,14 @@ class OC_Request {
}
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
- // Verify that the protocol is always HTTP or HTTPS
- // default to http if an invalid value is provided
- return $proto === 'https' ? 'https' : 'http';
- }
- if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
- return 'https';
+ }else{
+ if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) {
+ $proto = 'https';
+ }else{
+ $proto = 'http';
+ }
}
- return 'http';
+ return $proto;
}
/**
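Review bot: `$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);` now reaches `return $proto;` unchanged, so any string a client or upstream proxy puts in that header is returned as the scheme. Constraining it at the assignment keeps the result to two known values: `$proto = (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') ? 'https' : 'http';`. The HTTPS test also went from the strict `!== 'off'` to the loose `!='off'`; the strict comparison is the safer form to keep. The function starts above the hunk, so whether an earlier branch already overrides the protocol is not visible.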
diff --git a/lib/setup.php b/lib/setup.php
index d00e860..2a43f7b 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -84,7 +84,6 @@ class OC_Setup {
OC_Config::setValue('passwordsalt', $salt);
//write the config file
- OC_Config::setValue('trusted_domains', array(OC_Request::serverHost()));
OC_Config::setValue('datadirectory', $datadir);
OC_Config::setValue('dbtype', $dbtype);
OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
diff --git a/lib/updater.php b/lib/updater.php
index ec10377..d0ae1fb 100644
--- a/lib/updater.php
+++ b/lib/updater.php
@@ -97,19 +97,6 @@ class OC_Updater extends BasicEmitter {
$currentVersion = implode('.', \OC_Util::getVersion());
\OC_Log::write('core', 'starting upgrade from ' . $installedVersion . ' to ' . $currentVersion, \OC_Log::WARN);
$this->emit('\OC_Updater', 'maintenanceStart');
-
- /*
- * START CONFIG CHANGES FOR OLDER VERSIONS
- */
- if (version_compare($currentVersion, '5.00.29', '<')) {
- // Add the overwriteHost config if it is not existant
- // This is added to prevent host header poisoning
- \OC_Config::setValue('trusted_domains', \OC_Config::getValue('trusted_domains', array(\OC_Request::serverHost())));
- }
- /*
- * STOP CONFIG CHANGES FOR OLDER VERSIONS
- */
-
try {
\OC_DB::updateDbFromStructure(\OC::$SERVERROOT . '/db_structure.xml');
$this->emit('\OC_Updater', 'dbUpgrade');
@@ -170,4 +157,4 @@ class OC_Updater extends BasicEmitter {
}
$this->emit('\OC_Updater', 'filecacheDone');
}
-}
+}
\ No newline at end of file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git