Skip to content

Commit c32f14e

Browse files
MorrisJobkeMorrisJobke
authored
Merge pull request nextcloud#16199 from nextcloud/bugfix/noid/refresh_webcal_job_enhancements
RefreshWebcalJob: replace ugly Regex with standard php utils
2 parents 93133b6 + 089a421 commit c32f14e

File tree

2 files changed

+20
-3
lines changed

2 files changed

+20
-3
lines changed

apps/dav/lib/BackgroundJob/RefreshWebcalJob.php

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -225,14 +225,25 @@ private function queryWebcalFeed(array $subscription, array &$mutations) {
225225
}
226226

227227
if ($allowLocalAccess !== 'yes') {
228-
$host = parse_url($url, PHP_URL_HOST);
228+
$host = strtolower(parse_url($url, PHP_URL_HOST));
229229
// remove brackets from IPv6 addresses
230230
if (strpos($host, '[') === 0 && substr($host, -1) === ']') {
231231
$host = substr($host, 1, -1);
232232
}
233233

234-
if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost' ||
235-
preg_match('/(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/', $host)) {
234+
// Disallow localhost and local network
235+
if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
236+
$this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
237+
return null;
238+
}
239+
240+
// Disallow hostname only
241+
if (substr_count($host, '.') === 0) {
242+
$this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
243+
return null;
244+
}
245+
246+
if ((bool)filter_var($host, FILTER_VALIDATE_IP) && !filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
236247
$this->logger->warning("Subscription $subscriptionId was not refreshed because it violates local access rules");
237248
return null;
238249
}

apps/dav/tests/unit/BackgroundJob/RefreshWebcalJobTest.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -231,8 +231,14 @@ public function testRunLocalURL($source) {
231231
public function runLocalURLDataProvider():array {
232232
return [
233233
['localhost/foo.bar'],
234+
['localHost/foo.bar'],
235+
['random-host/foo.bar'],
234236
['[::1]/bla.blub'],
237+
['[::]/bla.blub'],
235238
['192.168.0.1'],
239+
['172.16.42.1'],
240+
['[fdf8:f53b:82e4::53]/secret.ics'],
241+
['[fe80::200:5aee:feaa:20a2]/secret.ics'],
236242
['10.0.0.1'],
237243
['another-host.local'],
238244
['service.localhost'],

0 commit comments

Comments
 (0)