Allow only secure package servers when running in enterprise mode
authorAlexander Ebert <ebert@woltlab.com>
Wed, 18 Mar 2020 17:01:51 +0000 (18:01 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Wed, 18 Mar 2020 17:01:51 +0000 (18:01 +0100)
wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php

index c96bbacaca08a1b50af6598e6f7da4b80cfb2c98..5cd2294177f2af63fa205432deb66ce5a3d167c7 100644 (file)
@@ -60,7 +60,7 @@ class PackageUpdateServer extends DatabaseObject {
         * @param       integer[]       $packageUpdateServerIDs
         * @return      PackageUpdateServer[]
         */
-       public static function getActiveUpdateServers(array $packageUpdateServerIDs = []) {
+       public static final function getActiveUpdateServers(array $packageUpdateServerIDs = []) {
                $list = new PackageUpdateServerList();
                $list->getConditionBuilder()->add("isDisabled = ?", [0]);
                if (!empty($packageUpdateServerIDs)) {
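Review bot: The docblock above `getActiveUpdateServers()` does not say why the method is now `final`, and the same gap exists for `isWoltLabUpdateServer()` and `isWoltLabStoreServer()` in the later hunks. Judging by the commit title, the modifier presumably stops a subclass from replacing the checks that the enterprise-mode filter depends on. A docblock line such as `Final: the enterprise-mode server filter relies on this method, it must not be overridden.` would keep a later refactor from dropping the keyword. As a style point, PSR-12 orders the modifiers `final public static function` and `final public function`, if the project's conventions allow it. The body of this method continues past the end of the hunk.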
@@ -68,6 +68,12 @@ class PackageUpdateServer extends DatabaseObject {
                }
                $list->readObjects();
                
+               if (ENABLE_ENTERPRISE_MODE) {
+                       return array_filter($list->getObjects(), function (PackageUpdateServer $server) {
+                               return $server->isWoltLabStoreServer() || $server->isTrustedServer();
+                       });
+               }
+               
                return $list->getObjects();
        }
        
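Review bot: The enterprise-mode filter in the added closure decides on the host name alone, because `isWoltLabStoreServer()` compares only `Url::parse($this->serverURL)['host']`. An entry stored with an `http://` URL for that host would therefore pass the same as an `https://` one. If TLS is not enforced elsewhere (not visible on this page), the closure could bind the scheme as well: `return ($server->isWoltLabStoreServer() || $server->isTrustedServer()) && parse_url($server->serverURL, PHP_URL_SCHEME) === 'https';`. Filtered-out servers also disappear silently, so logging the dropped server IDs would tell an administrator why a configured server is never queried. The `@return` docblock should state that the list is restricted to store and trusted servers when `ENABLE_ENTERPRISE_MODE` is set.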
@@ -237,7 +243,7 @@ class PackageUpdateServer extends DatabaseObject {
         * 
         * @return      boolean
         */
-       public function isWoltLabUpdateServer() {
+       public final function isWoltLabUpdateServer() {
                return Url::parse($this->serverURL)['host'] === 'update.woltlab.com';
        }
        
@@ -246,7 +252,7 @@ class PackageUpdateServer extends DatabaseObject {
         * 
         * @return      boolean
         */
-       public function isWoltLabStoreServer() {
+       public final function isWoltLabStoreServer() {
                return Url::parse($this->serverURL)['host'] === 'store.woltlab.com';
        }
        
@@ -272,7 +278,7 @@ class PackageUpdateServer extends DatabaseObject {
                }
                
                // custom override to allow testing and mirrors in enterprise environments
-               if (defined('UPDATE_SERVER_TRUSTED_MIRROR') && $host === UPDATE_SERVER_TRUSTED_MIRROR) {
+               if (defined('UPDATE_SERVER_TRUSTED_MIRROR') && !empty(UPDATE_SERVER_TRUSTED_MIRROR) && $host === UPDATE_SERVER_TRUSTED_MIRROR) {
                        return true;
                }