8000 Merge branch '2.8' into 3.4 · symfony/symfony@2bae183 · GitHub


Commit 2bae183

Merge branch '2.8' into 3.4
* 2.8: [HttpFoundation] fix false-positive ConflictingHeadersException
2 parents a852df2 + 74a4cea commit 2bae183


2 files changed

+66
-6
lines changed

2 files changed

+66
-6
lines changed

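--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -2086,10 +2086,13 @@ private function getTrustedValues($type, $ip = null)
 
 if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
 $forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
-$forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
+$forwardedValues = preg_match_all(sprintf('{(?:%s)="?([a-zA-Z0-9\.:_\-/\[\]]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
 if (self::HEADER_CLIENT_PORT === $type) {
 foreach ($forwardedValues as $k => $v) {
-$forwardedValues[$k] = substr_replace($v, '0.0.0.0', 0, strrpos($v, ':'));
+if (']' === substr($v, -1) || false === $v = strrchr($v, ':')) {
+$v = $this->isSecure() ? ':443' : ':80';
+}
+$forwardedValues[$k] = '0.0.0.0'.$v;
 }
 }
 }
@@ -2124,9 +2127,17 @@ private function normalizeAndFilterClientIps(array $clientIps, $ip)
 $firstTrustedIp = null;
 
 foreach ($clientIps as $key => $clientIp) {
-// Remove port (unfortunately, it does happen)
-if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
-$clientIps[$key] = $clientIp = $match[1];
+if (strpos($clientIp, '.')) {
+// Strip :port from IPv4 addresses. This is allowed in Forwarded
+// and may occur in X-Forwarded-For.
+$i = strpos($clientIp, ':');
+if ($i) {
+$clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
+}
+} elseif ('[' == $clientIp[0]) {
+// Strip brackets and :port from IPv6 addresses.
+$i = strpos($clientIp, ']', 1);
+$clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);
 }
 
 if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {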
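Review bot: In the bracketed-IPv6 branch of normalizeAndFilterClientIps, the result of `strpos($clientIp, ']', 1)` is used without checking for `false`. For an entry that opens with `[` but has no `]`, `$i - 1` becomes -1 and `substr` trims the last character instead, so a malformed value is rewritten into a different string that can still pass the `filter_var` check on the next line (a constructed `[::1` becomes `::`). Guarding it the way the IPv4 branch guards its offset, `if ($i = strpos($clientIp, ']', 1)) { $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1); }`, leaves the malformed value untouched so the validation rejects it. `$clientIp[0]` also assumes a non-empty entry; whether empty entries can reach this loop depends on the caller, and the loop body continues past the end of the hunk.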

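--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -1019,7 +1019,7 @@ public function testGetClientIpsWithAgreeingHeaders($httpForwarded, $httpXForwar
 'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
 );
 
-Request::setTrustedProxies(array('88.88.88.88'), Request::HEADER_X_FORWARDED_ALL);
+Request::setTrustedProxies(array('88.88.88.88'), -1);
 
 $request->initialize(array(), array(), array(), array(), array(), $server);
 
@@ -2277,6 +2277,55 @@ public function testNonstandardRequests($requestUri, $queryString, $expectedPath
 $this->assertEquals($expectedBaseUrl, $request->getBaseUrl());
 $this->assertEquals($expectedBasePath, $request->getBasePath());
 }
+
+public function testTrustedHost()
+{
+Request::setTrustedProxies(array('1.1.1.1'), -1);
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host=localhost:8080');
+$request->headers->set('X-Forwarded-Host', 'localhost:8080');
+
+$this->assertSame('localhost:8080', $request->getHttpHost());
+$this->assertSame(8080, $request->getPort());
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host="[::1]:443"');
+$request->headers->set('X-Forwarded-Host', '[::1]:443');
+$request->headers->set('X-Forwarded-Port', 443);
+
+$this->assertSame('[::1]:443', $request->getHttpHost());
+$this->assertSame(443, $request->getPort());
+}
+
+public function testTrustedPort()
+{
+Request::setTrustedProxies(array('1.1.1.1'), -1);
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host=localhost:8080');
+$request->headers->set('X-Forwarded-Port', 8080);
+
+$this->assertSame(8080, $request->getPort());
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host=localhost');
+$request->headers->set('X-Forwarded-Port', 80);
+
+$this->assertSame(80, $request->getPort());
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host="[::1]"');
+$request->headers->set('X-Forwarded-Proto', 'https');
+$request->headers->set('X-Forwarded-Port', 443);
+
+$this->assertSame(443, $request->getPort());
+}
 }
 
 class RequestContentProxy extends Request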
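Review bot: The literal `-1` passed to `Request::setTrustedProxies()` in testGetClientIpsWithAgreeingHeaders, testTrustedHost and testTrustedPort hides which headers the tests trust; as a bit mask it sets every bit, which presumably adds Forwarded to the X-Forwarded-* set that the replaced constant named. A short comment at the first use, such as `// -1 = all bits set: trust Forwarded and every X-Forwarded-* header`, would make that intent explicit. The new cases cover well-formed host and port values only; a case for a bracketed value without a closing `]` would pin down how malformed input is handled.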
