diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 7d6a49202c69a22232773e1d999c04a97ffe0511..f826ef45bb5e135ebe0f043e4cdf8102e312c57e 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -659,11 +659,6 @@ class Request implements \ArrayAccess, \Countable, IRequest {
* @return string Server host
*/
public function getServerHost() {
- // FIXME: Ugly workaround that we need to get rid of
- if (\OC::$CLI && defined('PHPUNIT_RUN')) {
- return 'localhost';
- }
-
// overwritehost is always trusted
$host = $this->getOverwriteHost();
if ($host !== null) {
@@ -681,7 +676,11 @@ class Request implements \ArrayAccess, \Countable, IRequest {
return $host;
} else {
$trustedList = $this->config->getSystemValue('trusted_domains', []);
- return $trustedList[0];
+ if(!empty($trustedList)) {
+ return $trustedList[0];
+ } else {
+ return '';
+ }
}
}
diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php
index a4bf3519bfcecc69e3fc5cec6240317e04342156..de3430d757c7e44f29f5ca53810a897e43aae699 100644
--- a/tests/lib/appframework/http/RequestTest.php
+++ b/tests/lib/appframework/http/RequestTest.php
@@ -773,7 +773,23 @@ class RequestTest extends \Test\TestCase {
$this->assertEquals('from.forwarded.host2:8080', $request->getInsecureServerHost());
}
- public function testGetServerHost() {
+ public function testGetServerHostWithOverwriteHost() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('overwritehost')
+ ->will($this->returnValue('my.overwritten.host'));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('overwritecondaddr')
+ ->will($this->returnValue(''));
+ $this->config
+ ->expects($this->at(2))
+ ->method('getSystemValue')
+ ->with('overwritehost')
+ ->will($this->returnValue('my.overwritten.host'));
+
$request = new Request(
[],
$this->secureRandom,
@@ -781,7 +797,80 @@ class RequestTest extends \Test\TestCase {
$this->stream
);
- $this->assertEquals('localhost', $request->getServerHost());
+ $this->assertEquals('my.overwritten.host', $request->getServerHost());
+ }
+
+ public function testGetServerHostWithTrustedDomain() {
+ $this->config
+ ->expects($this->at(3))
+ ->method('getSystemValue')
+ ->with('trusted_domains')
+ ->will($this->returnValue(['my.trusted.host']));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'HTTP_X_FORWARDED_HOST' => 'my.trusted.host',
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('my.trusted.host', $request->getServerHost());
+ }
+
+ public function testGetServerHostWithUntrustedDomain() {
+ $this->config
+ ->expects($this->at(3))
+ ->method('getSystemValue')
+ ->with('trusted_domains')
+ ->will($this->returnValue(['my.trusted.host']));
+ $this->config
+ ->expects($this->at(4))
+ ->method('getSystemValue')
+ ->with('trusted_domains')
+ ->will($this->returnValue(['my.trusted.host']));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('my.trusted.host', $request->getServerHost());
+ }
+
+ public function testGetServerHostWithNoTrustedDomain() {
+ $this->config
+ ->expects($this->at(3))
+ ->method('getSystemValue')
+ ->with('trusted_domains')
+ ->will($this->returnValue([]));
+ $this->config
+ ->expects($this->at(4))
+ ->method('getSystemValue')
+ ->with('trusted_domains')
+ ->will($this->returnValue([]));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->stream
+ );
+
+ $this->assertEquals('', $request->getServerHost());
}
public function testGetOverwriteHostDefaultNull() {