Do only follow HTTP and HTTPS redirects #11248

Merged
merged 1 commit into from
Oct 16, 2014

LukasReschke
Member

Backport of #11032 to stable6

We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions (i.e. a redirect to ftp:// might be used to access files of an FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server).

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests

Conflicts:
	apps/files/ajax/newfile.php
	lib/private/files/storage/dav.php
	lib/private/server.php
	lib/private/util.php
	lib/public/iservercontainer.php
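
The redirect handling described in the pull request text above, as an added example that is not part of the original post and is not ownCloud's HTTPHelper code: each hop is resolved manually and any hop whose scheme is not http or https is refused. The names `isAllowedScheme`, `resolveFinalUrl` and the `$fetchHeaders` hook are hypothetical, and the `example.test` / `internal.test` redirect table is constructed sample data.

```php
<?php
// Added example (not ownCloud code): follow redirects hop by hop and refuse
// every hop whose scheme is not http or https.

function isAllowedScheme(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
}

// $fetchHeaders is a hypothetical hook: it performs ONE request without following
// redirects and returns ['status' => int, 'location' => ?string].
function resolveFinalUrl(string $url, callable $fetchHeaders, int $maxHops = 10): string
{
    for ($hop = 0; $hop <= $maxHops; $hop++) {
        // Checked for the start URL and again for every redirect target.
        // Scheme-less targets (e.g. "//host/x") fail this check as well.
        if (!isAllowedScheme($url)) {
            throw new RuntimeException("Refusing non-HTTP(S) URL: $url");
        }
        $response = $fetchHeaders($url);
        $isRedirect = $response['status'] >= 300 && $response['status'] < 400;
        if (!$isRedirect || empty($response['location'])) {
            return $url; // final destination reached
        }
        $next = $response['location'];
        if (strpos($next, '/') === 0 && strpos($next, '//') !== 0) {
            // Path-absolute redirect: keep scheme, host and port of the current URL.
            $p = parse_url($url);
            $next = $p['scheme'] . '://' . $p['host']
                  . (isset($p['port']) ? ':' . $p['port'] : '') . $next;
        }
        $url = $next;
    }
    throw new RuntimeException('Too many redirects');
}

// Constructed redirect table standing in for the network.
$responses = [
    'http://example.test/a'      => ['status' => 302, 'location' => '/b'],
    'http://example.test/b'      => ['status' => 301, 'location' => 'https://example.test/final'],
    'https://example.test/final' => ['status' => 200, 'location' => null],
    'http://example.test/out'    => ['status' => 302, 'location' => 'ftp://internal.test/file.txt'],
];
$fetch = function (string $url) use ($responses): array {
    return $responses[$url] ?? ['status' => 404, 'location' => null];
};

echo resolveFinalUrl('http://example.test/a', $fetch), "\n";   // http -> https chain is followed
try {
    resolveFinalUrl('http://example.test/out', $fetch);        // ftp:// hop is refused
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Against a live server, `$fetchHeaders` would wrap a single header request such as `get_headers()` with redirect following disabled in the stream context (`follow_location` set to 0), so that the scheme check runs before the next hop is contacted.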
@ghost

ghost commented Sep 23, 2014

💣 Test FAILed. 💣
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser/7550/

@LukasReschke
Member Author

@owncloud-bot Retest this please.

@ghost

ghost commented Sep 23, 2014

🚀 Test PASSed. 🚀
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser/7561/

@karlitschek
Contributor

looks good. But not tested 👍

@LukasReschke
Member Author

Removing gold since it's only a backport of a goldy. Assigning backport request label.

Another reviewer please. @th3fallen

@LukasReschke
Member Author

See #11249 for stable5

@ghost

ghost commented Oct 6, 2014

💣 Test FAILed. 💣
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng/17/

@LukasReschke
Member Author

@owncloud-bot Retest this please.

@ghost

ghost commented Oct 9, 2014

💣 Test FAILed. 💣
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng/188/

Build result: FAILURE


@LukasReschke
Member Author

@DeepDiver1975 FYI:

09:38:51 [Cobertura] No coverage results were found using the pattern 'tests/karma-coverage/**/cobertura-coverage.xml' relative to '/var/jenkins/workspace/pull-request-analyser-ng@4/database/sqlite/label/vm-slave-02'.  Did you enter a pattern relative to the correct directory?  Did you generate the XML report(s) for Cobertura?
09:38:51 Build step 'Publish Cobertura Coverage Report' changed build result to FAILURE

@LukasReschke
Member Author

@owncloud-bot Retest this please.

@LukasReschke
Member Author

@owncloud-bot Retest this please.

@LukasReschke
Member Author

@icewind1991 @PVince81 Please test and review.

@ghost

ghost commented Oct 15, 2014

💣 Test FAILed. 💣
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng-simple/292/

Build result: FAILURE


@LukasReschke LukasReschke added this to the ownCloud 6.0.6 milestone Oct 16, 2014
@LukasReschke
Member Author

@owncloud-bot Retest this please.

@ghost

ghost commented Oct 16, 2014

💣 Test FAILed. 💣
Refer to this link for build results (access rights to CI server needed):
https://ci.owncloud.org//job/pull-request-analyser-ng-simple/359/

Build result: FAILURE


@LukasReschke
Member Author

05:35:03 [Cobertura] No coverage results were found using the pattern 'tests/karma-coverage/**/cobertura-coverage.xml' relative to '/var/jenkins/workspace/pull-request-analyser-ng-simple/label/vm-slave-02'.  Did you enter a pattern relative to the correct directory?  Did you generate the XML report(s) for Cobertura?
05:35:03 Build step 'Publish Cobertura Coverage Report' changed build result to FAILURE

@DeepDiver1975 Still failing...

@PVince81
Contributor

👍

LukasReschke added a commit that referenced this pull request Oct 16, 2014
Do only follow HTTP and HTTPS redirects
@LukasReschke LukasReschke merged commit 870dc98 into stable6 Oct 16, 2014
@LukasReschke LukasReschke deleted the 11032-backport-stable6 branch October 16, 2014 11:54
@lock lock bot locked as resolved and limited conversation to collaborators Aug 15, 2019