diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php index 40ce012cd1a0d..62209ff9040d1 100644 --- a/lib/private/Http/Client/Client.php +++ b/lib/private/Http/Client/Client.php @@ -158,14 +158,15 @@ private function isLocalAddressAllowed(array $options) : bool { } protected function preventLocalAddress(string $uri, array $options): void { - if ($this->isLocalAddressAllowed($options)) { - return; - } - $host = parse_url($uri, PHP_URL_HOST); if ($host === false || $host === null) { throw new LocalServerException('Could not detect any host'); } + + if ($this->isLocalAddressAllowed($options)) { + return; + } + if (!$this->remoteHostValidator->isValid($host)) { throw new LocalServerException('Host "' . $host . '" violates local access rules'); } diff --git a/tests/lib/Http/Client/ClientTest.php b/tests/lib/Http/Client/ClientTest.php index 237bb1299e526..47a6b885aed09 100644 --- a/tests/lib/Http/Client/ClientTest.php +++ b/tests/lib/Http/Client/ClientTest.php @@ -130,6 +130,13 @@ public function testGetProxyUriProxyHostWithPasswordAndExclude(): void { ], self::invokePrivate($this->client, 'getProxyUri')); } + public function testPreventLocalAddressThrowOnInvalidUri(): void { + $this->expectException(LocalServerException::class); + $this->expectExceptionMessage('Could not detect any host'); + + self::invokePrivate($this->client, 'preventLocalAddress', ['!@#$', []]); + } + public function dataPreventLocalAddress():array { return [ ['https://localhost/foo.bar'], @@ -146,7 +153,6 @@ public function dataPreventLocalAddress():array { ['https://10.0.0.1'], ['https://another-host.local'], ['https://service.localhost'], - ['!@#$', true], // test invalid url ['https://normal.host.com'], ['https://com.one-.nextcloud-one.com'], ];