[Pkg-owncloud-commits] [owncloud] 37/258: Move trusted domain check to init()

David Prévot taffit at moszumanska.debian.org
Sat Oct 11 17:22:18 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 640abbe09912448c119c62d60a46f89fb530ed2c
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Fri Sep 5 14:10:35 2014 +0200

    Move trusted domain check to init()
    
    handleRequest() is not called from remote.php or public.php which made these files party available but all included apps in there produced errors.
    
    As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init()
    
    Fixes https://github.com/owncloud/core/issues/10064
---
 lib/base.php | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index ab3e34a..999e219 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -560,6 +560,21 @@ class OC {
 				OC_Util::addScript('backgroundjobs');
 			}
 		}
+
+		$host = OC_Request::insecureServerHost();
+		// if the host passed in headers isn't trusted
+		if (!OC::$CLI
+			// overwritehost is always trusted
+			&& OC_Request::getOverwriteHost() === null
+			&& !OC_Request::isTrustedDomain($host)
+		) {
+			header('HTTP/1.1 400 Bad Request');
+			header('Status: 400 Bad Request');
+			$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
+			$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
+			$tmpl->printPage();
+			return;
+		}
 	}
 
 	private static function registerLocalAddressBook() {
@@ -661,21 +676,6 @@ class OC {
 			exit();
 		}
 
-		$host = OC_Request::insecureServerHost();
-		// if the host passed in headers isn't trusted
-		if (!OC::$CLI
-			// overwritehost is always trusted
-			&& OC_Request::getOverwriteHost() === null
-			&& !OC_Request::isTrustedDomain($host)) {
-
-			header('HTTP/1.1 400 Bad Request');
-			header('Status: 400 Bad Request');
-			$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
-			$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
-			$tmpl->printPage();
-			return;
-		}
-
 		$request = OC_Request::getPathInfo();
 		if (substr($request, -3) !== '.js') { // we need these files during the upgrade
 			self::checkMaintenanceMode();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list