|
14 | 14 | use OCP\IConfig; |
15 | 15 | use OCP\IRequest; |
16 | 16 | use OCP\IRequestId; |
| 17 | +use Psr\Log\LoggerInterface; |
17 | 18 | use Symfony\Component\HttpFoundation\IpUtils; |
18 | 19 |
|
19 | 20 | /** |
@@ -613,36 +614,50 @@ private function isOverwriteCondition(): bool { |
613 | 614 |
|
614 | 615 | /** |
615 | 616 | * Returns the server protocol. It respects one or more reverse proxies servers |
616 | | - * and load balancers |
| 617 | +<<<<<<< HEAD |
| 618 | + * and load balancers. Precedence: |
| 619 | +======= |
| 620 | + * and load balancers. Precedence: |
| 621 | +>>>>>>> ec37b3558fc (fix(AppFramework): Log malformed protocol values) |
| 622 | + * 1. `overwriteprotocol` config value |
| 623 | + * 2. `X-Forwarded-Proto` header value |
| 624 | + * 3. $_SERVER['HTTPS'] value |
| 625 | + * If an invalid protocol is provided, defaults to http and logs an error. |
| 626 | + * |
617 | 627 | * @return string Server protocol (http or https) |
618 | 628 | */ |
619 | 629 | public function getServerProtocol(): string { |
| 630 | + $proto = 'http'; |
| 631 | + |
620 | 632 | if ($this->config->getSystemValueString('overwriteprotocol') !== '' |
621 | | - && $this->isOverwriteCondition()) { |
622 | | - return $this->config->getSystemValueString('overwriteprotocol'); |
623 | | - } |
624 | | - |
625 | | - if ($this->fromTrustedProxy() && isset($this->server['HTTP_X_FORWARDED_PROTO'])) { |
| 633 | + && $this->isOverwriteCondition() |
| 634 | + ) { |
| 635 | + $proto = strtolower($this->config->getSystemValueString('overwriteprotocol')); |
| 636 | + } elseif ($this->fromTrustedProxy() |
| 637 | + && isset($this->server['HTTP_X_FORWARDED_PROTO']) |
| 638 | + ) { |
626 | 639 | if (str_contains($this->server['HTTP_X_FORWARDED_PROTO'], ',')) { |
627 | 640 | $parts = explode(',', $this->server['HTTP_X_FORWARDED_PROTO']); |
628 | 641 | $proto = strtolower(trim($parts[0])); |
629 | 642 | } else { |
630 | 643 | $proto = strtolower($this->server['HTTP_X_FORWARDED_PROTO']); |
631 | 644 | } |
632 | | - |
633 | | - // Verify that the protocol is always HTTP or HTTPS |
634 | | - // default to http if an invalid value is provided |
635 | | - return $proto === 'https' ? 'https' : 'http'; |
636 | | - } |
637 | | - |
638 | | - if (isset($this->server['HTTPS']) |
639 | | - && $this->server['HTTPS'] !== null |
| 645 | + } elseif (!empty($this->server['HTTPS']) |
640 | 646 | && $this->server['HTTPS'] !== 'off' |
641 | | - && $this->server['HTTPS'] !== '') { |
642 | | - return 'https'; |
| 647 | + ) { |
| 648 | + $proto = 'https'; |
643 | 649 | } |
644 | 650 |
|
645 | | - return 'http'; |
| 651 | + if ($proto !== 'https' && $proto !== 'http') { |
| 652 | + // log unrecognized value so admin has a chance to fix it |
| 653 | + \OC::$server->get(LoggerInterface::class)->critical( |
| 654 | + 'Server protocol is malformed [falling back to http] (check overwriteprotocol and/or X-Forwarded-Proto to remedy): ' . $proto, |
| 655 | + ['app' => 'core'] |
| 656 | + ); |
| 657 | + } |
| 658 | + |
| 659 | + // default to http if provided an invalid value |
| 660 | + return $proto === 'https' ? 'https' : 'http'; |
646 | 661 | } |
647 | 662 |
|
648 | 663 | /** |
@@ -729,11 +744,11 @@ public function getRawPathInfo(): string { |
729 | 744 | } |
730 | 745 |
|
731 | 746 | /** |
732 | | - * Get PathInfo from request |
| 747 | + * Get PathInfo from request (rawurldecoded) |
733 | 748 | * @throws \Exception |
734 | 749 | * @return string|false Path info or false when not found |
735 | 750 | */ |
736 | | - public function getPathInfo() { |
| 751 | + public function getPathInfo(): string|false { |
737 | 752 | $pathInfo = $this->getRawPathInfo(); |
738 | 753 | return \Sabre\HTTP\decodePath($pathInfo); |
739 | 754 | } |
|
0 commit comments