Skip to content

Commit 48c807e

Browse files
come-ncbackportbot[bot]
come-nc
authored and
backportbot[bot]
committed
fix(setupchecks): Test overwrite.cli url first, then generated one, and
 trusted domains as last fallback. Signed-off-by: Côme Chilliet <[email protected]>
1 parent e004fb7 commit 48c807e

File tree

1 file changed

+30
-16
lines changed

1 file changed

+30
-16
lines changed

apps/settings/lib/SetupChecks/CheckServerResponseTrait.php

Lines changed: 30 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -52,36 +52,49 @@ protected function serverConfigHelp(): string {
5252

5353
/**
5454
* Get all possible URLs that need to be checked for a local request test.
55+
* This takes all `trusted_domains` and the CLI overwrite URL into account.
5556
*
56-
* @param string $url The relative URL to test
57+
* @param string $url The relative URL to test starting with a /
5758
* @return string[] List of possible absolute URLs
5859
*/
5960
protected function getTestUrls(string $url, bool $removeWebroot): array {
6061
$testUrls = [];
6162

62-
$webroot = $this->urlGenerator->getWebroot();
63+
$webroot = rtrim($this->urlGenerator->getWebroot(), '/');
6364

64-
$baseUrl = $this->normalizeUrl(
65-
$this->urlGenerator->getBaseUrl(),
66-
$webroot,
67-
$removeWebroot
68-
);
65+
/* Try overwrite.cli.url first, it’s supposed to be how the server contacts itself */
66+
$cliUrl = $this->config->getSystemValueString('overwrite.cli.url', '');
6967

70-
$testUrls[] = $baseUrl . $url;
68+
if ($cliUrl !== '') {
69+
$cliUrl = $this->normalizeUrl(
70+
$cliUrl,
71+
$webroot,
72+
$removeWebroot
73+
);
7174

72-
$cliUrl = $this->config->getSystemValueString('overwrite.cli.url', '');
73-
if ($cliUrl === '') {
74-
return $testUrls;
75+
$testUrls[] = $cliUrl . $url;
7576
}
7677

77-
$cliUrl = $this->normalizeUrl(
78-
$cliUrl,
78+
/* Try URL generator second */
79+
$baseUrl = $this->normalizeUrl(
80+
$this->urlGenerator->getBaseUrl(),
7981
$webroot,
8082
$removeWebroot
8183
);
8284

83-
if ($cliUrl !== $baseUrl) {
84-
$testUrls[] = $cliUrl . $url;
85+
if ($baseUrl !== $cliUrl) {
86+
$testUrls[] = $baseUrl . $url;
87+
}
88+
89+
/* Last resort: trusted domains */
90+
$hosts = $this->config->getSystemValue('trusted_domains', []);
91+
foreach ($hosts as $host) {
92+
if (str_contains($host, '*')) {
93+
/* Ignore domains with a wildcard */
94+
continue;
95+
}
96+
$hosts[] = 'https://' . $host . $url;
97+
$hosts[] = 'http://' . $host . $url;
8598
}
8699

87100
return $testUrls;
@@ -91,7 +104,8 @@ protected function getTestUrls(string $url, bool $removeWebroot): array {
91104
* Strip a trailing slash and remove the webroot if requested.
92105
*/
93106
protected function normalizeUrl(string $url, string $webroot, bool $removeWebroot): string {
94-
if ($removeWebroot && str_contains($url, $webroot)) {
107+
$url = rtrim($url, '/');
108+
if ($removeWebroot && str_ends_with($url, $webroot)) {
95109
$url = substr($url, -strlen($webroot));
96110
}
97111
return rtrim($url, '/');

0 commit comments

Comments
 (0)