nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-19 01:34:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

When creating an external bind attempts to create an external bind to the local host should be excluded

Browse Source
This commit is contained in:
Rob Ostensen 2011-12-02 11:16:28 -06:00
parent 35e1ae64b0
commit 5bea2e16d1
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inc/caldav-BIND.php
View File

@ -47,7 +47,8 @@ if ( $destination->Exists() ) {
$request->PreconditionFailed(403,'DAV::can-overwrite',translate('A resource already exists at the destination.'));
}
if ( preg_match ( '{^https?://[A-Za-z][^/]*/.+$}', $href ) ) {
if ( preg_match ( '{^https?://[A-Za-z][^/]*/.+$}', $href ) && ! stripos( $href, 'localhost' ) < 9
&& ! stripos( $href, '127.0.0.1' ) < 9 && ! stripos( $href, $_SERVER['SERVER_NAME'] ) < 9 && ! stripos( $href, $_SERVER['SERVER_ADDR'] ) < 9 ) {
require_once('external-fetch.php');
$qry = new AwlQuery( );
$qry->QDo('SELECT collection_id FROM collection WHERE dav_name = :dav_name ', array( ':dav_name' => '/.external/'. md5($href) ));