diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/presentation/PresentationUrlDownloadService.java b/bbb-common-web/src/main/java/org/bigbluebutton/presentation/PresentationUrlDownloadService.java
index ff2f2dad46..9638bdc65c 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/presentation/PresentationUrlDownloadService.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/presentation/PresentationUrlDownloadService.java
@@ -40,8 +40,8 @@ public class PresentationUrlDownloadService {
 private String presentationBaseURL;
 private String presentationDir;
 private String BLANK_PRESENTATION;
- private List presentationDownloadSupportedProtocols;
- private List presentationDownloadBlockedHosts;
+ private List insertDocumentSupportedProtocols;
+ private List insertDocumentBlockedHosts;
 private ScheduledExecutorService scheduledThreadPool = Executors.newScheduledThreadPool(3);
@@ -229,8 +229,8 @@ public class PresentationUrlDownloadService {
 String protocol = url.getProtocol();
 String host = url.getHost();
- if(presentationDownloadSupportedProtocols.stream().noneMatch(p -> p.equalsIgnoreCase(protocol))) {
- if(presentationDownloadSupportedProtocols.size() == 1 && presentationDownloadSupportedProtocols.get(0).equalsIgnoreCase("*")) {
+ if(insertDocumentSupportedProtocols.stream().noneMatch(p -> p.equalsIgnoreCase(protocol))) {
+ if(insertDocumentSupportedProtocols.size() == 1 && insertDocumentSupportedProtocols.get(0).equalsIgnoreCase("all")) {
 log.warn("Warning: All protocols are supported for presentation download. It is recommended to only allow HTTPS.");
 } else {
 log.error("Invalid protocol [{}]", protocol);
@@ -238,7 +238,7 @@ public class PresentationUrlDownloadService {
 }
 }
- if(presentationDownloadBlockedHosts.stream().anyMatch(h -> h.equalsIgnoreCase(host))) {
+ if(insertDocumentBlockedHosts.stream().anyMatch(h -> h.equalsIgnoreCase(host))) {
 log.error("Attempted to download from blocked host [{}]", host);
 return false;
 }
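Review bot: In the hunk at line 229, the `all` sentinel turns scheme filtering off entirely, so every scheme that `java.net.URL` accepted passes this check; whether later code limits the fetch to HTTP(S) is outside the hunk. Because the feature downloads documents from web hosts, the `all` branch could still be bounded to the two web schemes, e.g. `if(!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) { log.error("Invalid protocol [{}]", protocol); return false; }`. The sentinel is also recognised only when it is the sole list entry, which deserves a comment such as `// "all" disables protocol filtering and is honoured only as the single configured value`. The enclosing method starts and ends outside the hunk.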
@@ -251,7 +251,7 @@ public class PresentationUrlDownloadService {
 InetAddress[] addresses = InetAddress.getAllByName(url.getHost());
 InetAddressValidator validator = InetAddressValidator.getInstance();
- boolean localhostBlocked = presentationDownloadBlockedHosts.stream().anyMatch(h -> h.equalsIgnoreCase("localhost"));
+ boolean localhostBlocked = insertDocumentBlockedHosts.stream().anyMatch(h -> h.equalsIgnoreCase("localhost"));
 for(InetAddress address: addresses) {
 if(!validator.isValid(address.getHostAddress())) {
@@ -346,12 +346,12 @@ public class PresentationUrlDownloadService {
 this.BLANK_PRESENTATION = blankPresentation;
 }
- public void setPresentationDownloadSupportedProtocols(String presentationDownloadSupportedProtocols) {
- this.presentationDownloadSupportedProtocols = new ArrayList<>(Arrays.asList(presentationDownloadSupportedProtocols.split(",")));
+ public void setInsertDocumentSupportedProtocols(String insertDocumentSupportedProtocols) {
+ this.insertDocumentSupportedProtocols = new ArrayList<>(Arrays.asList(insertDocumentSupportedProtocols.split(",")));
 }
- public void setPresentationDownloadBlockedHosts(String presentationDownloadBlockedHosts) {
- this.presentationDownloadBlockedHosts = new ArrayList<>(Arrays.asList(presentationDownloadBlockedHosts.split(",")));
+ public void setInsertDocumentBlockedHosts(String insertDocumentBlockedHosts) {
+ this.insertDocumentBlockedHosts = new ArrayList<>(Arrays.asList(insertDocumentBlockedHosts.split(",")));
 }
 }
diff --git a/bigbluebutton-web/grails-app/conf/bigbluebutton.properties b/bigbluebutton-web/grails-app/conf/bigbluebutton.properties
index 73c18aabec..be4f9506a3 100644
--- a/bigbluebutton-web/grails-app/conf/bigbluebutton.properties
+++ b/bigbluebutton-web/grails-app/conf/bigbluebutton.properties
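Review bot: In the two setters of the hunk at line 346, `split(",")` keeps surrounding whitespace, so a value written as `localhost, internal.example` (constructed example) stores ` internal.example`, which the `equalsIgnoreCase(host)` test in the blocked-host check never matches; the block list then fails open with no log line. The protocol list has the same flaw but fails closed, and an entry such as `all ` would not be recognised as the sentinel. Trimming and dropping empty entries in both setters fixes this, e.g. `Arrays.stream(value.split(",")).map(String::trim).filter(s -> !s.isEmpty()).collect(Collectors.toList())`, which needs `java.util.stream.Collectors` imported if the file does not already have it. The setters also appear to throw on a null property value; a short Javadoc stating the expected comma-separated format would help.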
@@ -373,12 +373,12 @@ beans.presentationService.preUploadedPresentationOverrideDefault=true
 presentationBaseURL=${bigbluebutton.web.serverURL}/bigbluebutton/presentation
 # Comma separated list of supported protocols for hosts to download presentations from
-# By default all protocols are supported but it is HIGHLY recommended to only allow https to improve security
-presentationDownloadSupportedProtocols=*
+# By default only HTTPS is supported. To enable support for all protocols (NOT RECOMMENDED) use 'all' instead
+insertDocumentSupportedProtocols=https
 # Comma separated list of hosts that presentations CANNOT be downloaded from
 # By default localhost is blocked (i.e. all IPs related to localhost will be blocked and cannot be used for presentation download)
-presentationDownloadBlockedHosts=localhost
+insertDocumentBlockedHosts=localhost
 #----------------------------------------------------
 # The URL where the presentations will be loaded from.
diff --git a/bigbluebutton-web/grails-app/conf/spring/resources.xml b/bigbluebutton-web/grails-app/conf/spring/resources.xml
index 23b68703d9..380d255647 100755
--- a/bigbluebutton-web/grails-app/conf/spring/resources.xml
+++ b/bigbluebutton-web/grails-app/conf/spring/resources.xml
@@ -93,8 +93,8 @@ with BigBlueButton; if not, see . - - + +
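Review bot: Renaming the keys in the bigbluebutton.properties hunk at line 373 means a deployment override still written as `presentationDownloadBlockedHosts=...` or `presentationDownloadSupportedProtocols=...` is presumably no longer read after upgrade, so a block list an operator had extended would fall back to `localhost` alone without any warning. The comment block should say this, for example `# Renamed from presentationDownloadBlockedHosts; values set under the old name are no longer read`, with the matching line for the protocols key. Whether the service detects or logs leftover legacy keys is not visible on this page.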