Commit graph

48 commits

Author SHA1 Message Date
Daniel Kesselberg
8331d8296b
Make getServerHost more robust to faulty user input
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-16 11:26:29 +01:00
Daniel Kesselberg
d393b1612b
Modify regex to match some other chromium browsers
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-27 17:24:52 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Julius Härtl
a055d8ddf9
Always return overwritehost if configured
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 15:02:33 +01:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Daniel Kesselberg
fdf4e1ebb2
Remove duplicate code
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-08 00:46:50 +02:00
Julius Härtl
299759b836
Handle throwables in the http dispatcher
Co-authored-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-29 17:19:14 +02:00
b108@volgograd
bf167ad3ac Remove duplicate functionality
This functionality implemented in the next line:

$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
2019-01-20 13:29:58 +04:00
Roeland Jago Douma
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +01:00
Morris Jobke
dccfe4bf84
Merge pull request #12036 from olivermg/master
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
2018-10-30 10:49:08 +01:00
Oliver Wegner
401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +01:00
Daniel Kesselberg
986f4df2a5
Add REMOTE_ADDR to getHeader
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-25 22:26:49 +02:00
Robin Appelman
c0a283fefb
ensure we always return an array from Request::getParams
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-08-28 18:11:42 +02:00
Roeland Jago Douma
043a824e6a
Fix comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma
0ee45d3d20
Fix proper types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma
a229095af1
Make Request strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma
ca9f364fd4
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 10:55:52 +01:00
Roeland Jago Douma
bb0c7b2943
Make AppFramework/Http/Dispatcher strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 08:51:46 +01:00
Morris Jobke
4ef302c0be
Request->getHeader() should always return a string
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.

Found while enabling the strict_typing for lib/private for the PHP7+ migration.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
Roeland Jago Douma
ca70694502
Also check for empty content lenth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 21:48:59 +01:00
Morris Jobke
31c5c2a592
Change @georgehrke's email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke
0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Roeland Jago Douma
c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +02:00
Roeland Jago Douma
9717cdfb9e
If there is no content don't error
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:13 +02:00
Roeland Jago Douma
ede15f0988
Fix L10N::t
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
coderkun
bdc7bb1f26 Add IPv6 to “localhost” regex (#440)
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
2017-05-14 21:29:03 +02:00
Joas Schilling
695696a4a6
Use constants
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
Juan Pablo Villafáñez
38e5135cb9
Reorder the entries of the log for easier reading 2017-04-12 13:03:19 +02:00
Roeland Jago Douma
2a9192334e
Don't try to parse empty body if there is no body
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:22:33 +02:00
Roeland Jago Douma
8626ccab1c
dont require strict same site cookies for ocs requests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-09 16:48:48 +01:00
Joas Schilling
33fb86f68b
Fix detection of the new iOS app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
Christoph Wurst
5e728d0eda oc_token should be nc_token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-02 21:56:44 +01:00
Lukas Reschke
a05b8b7953
Harden cookies more appropriate
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
Robin Appelman
4235b18a88
allow passing a stream to StreamResponse
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00
Joas Schilling
c20ab0049f
Identify Chromium as Chrome
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-26 12:07:10 +02:00
Joas Schilling
f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
Lukas Reschke
d50e7ee36c
Remove reading PATH_INFO from server variable
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00
Roeland Jago Douma
8f3dc0ba43
Remove IE_8 user agent string 2016-08-16 21:01:32 +02:00
Lukas Reschke
b53ea18ea5
Match only for actual session cookie
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
2016-08-09 19:23:08 +02:00
Morris Jobke
8c7d7d7746 Merge pull request #507 from nextcloud/run-le-script
Update emails and license headers with latest changes
2016-07-21 23:27:15 +02:00
Joas Schilling
0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Roeland Jago Douma
e42f2f2650
AppFramework do not get default response
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
2016-07-20 22:05:43 +02:00
Lukas Reschke
a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Joas Schilling
b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma
eb11ed1851
Make ownCloud work again in php 7.0.6
See https://bugs.php.net/bug.php?id=72117
2016-04-28 12:23:17 +02:00
Roeland Jago Douma
1d33a5ef13
Move \OC\AppFramework to PSR-4
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00