symfony
diff --git a/‎src/Symfony/Component/Debug/Exception/FlattenException.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Debug/Exception/FlattenException.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Exception/ConflictingHeadersException.php
Lines changed: 1 addition & 3 deletions b/‎src/Symfony/Component/HttpFoundation/Exception/ConflictingHeadersException.php
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Exception/RequestExceptionInterface.php
Lines changed: 21 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/Exception/RequestExceptionInterface.php
Lines changed: 21 additions & 0 deletions
diff --git a/`‎src/Symfony/Component/HttpFoundation/Exception/SuspiciousOperationException.php` b/`‎src/Symfony/Component/HttpFoundation/Exception/SuspiciousOperationException.php`
diff --git a/‎src/Symfony/Component/HttpFoundation/Request.php
Lines changed: 22 additions & 4 deletions b/‎src/Symfony/Component/HttpFoundation/Request.php
Lines changed: 22 additions & 4 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/RouterListener.php
Lines changed: 1 addition & 6 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/RouterListener.php
Lines changed: 1 addition & 6 deletions
diff --git a/`‎src/Symfony/Component/HttpKernel/EventListener/ValidateRequestListener.php` b/`‎src/Symfony/Component/HttpKernel/EventListener/ValidateRequestListener.php`
diff --git a/‎src/Symfony/Component/HttpKernel/HttpKernel.php
Lines changed: 3 additions & 3 deletions b/‎src/Symfony/Component/HttpKernel/HttpKernel.php
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/RouterListenerTest.php
Lines changed: 30 additions & 2 deletions b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/RouterListenerTest.php
Lines changed: 30 additions & 2 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/composer.json
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpKernel/composer.json
Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@
 
 namespace Symfony\Component\Debug\Exception;
 
-use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
+use Symfony\Component\HttpFoundation\Exception\RequestExceptionInterface;
 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
 
 /**
@@ -42,7 +42,7 @@ public static function create(\Exception $exception, $statusCode = null, array $
         if ($exception instanceof HttpExceptionInterface) {
             $statusCode = $exception->getStatusCode();
             $headers = array_merge($headers, $exception->getHeaders());
-        } elseif ($exception instanceof SuspiciousOperationException) {
+        } elseif ($exception instanceof RequestExceptionInterface) {
             $statusCode = 400;
         }
 
 
@@ -14,10 +14,8 @@
 /**
  * The HTTP request contains headers with conflicting information.
  *
- * This exception should trigger an HTTP 400 response in your application code.
- *
  * @author Magnus Nordlander <magnus@fervo.se>
  */
-class ConflictingHeadersException extends \RuntimeException
+class ConflictingHeadersException extends \UnexpectedValueException implements RequestExceptionInterface
 {
 }
@@ -0,0 +1,21 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpFoundation\Exception;
+
+/**
+ * Interface for Request exceptions.
+ *
+ * Exceptions implementing this interface should trigger an HTTP 400 response in the application code.
+ */
+interface RequestExceptionInterface
+{
+}
@@ -15,6 +15,6 @@
  * Raised when a user has performed an operation that should be considered
  * suspicious from a security perspective.
  */
-class SuspiciousOperationException extends \UnexpectedValueException
+class SuspiciousOperationException extends \UnexpectedValueException implements RequestExceptionInterface
 {
 }
@@ -207,6 +207,9 @@ class Request
 
     protected static $requestFactory;
 
+    private $isHostValid = true;
+    private $isClientIpsValid = true;
+
     /**
      * Constructor.
      *
@@ -820,7 +823,12 @@ public function getClientIps()
         }
 
         if ($hasTrustedForwardedHeader && $hasTrustedClientIpHeader && $forwardedClientIps !== $xForwardedForClientIps) {
-            throw new ConflictingHeadersException('The request has both a trusted Forwarded header and a trusted Client IP header, conflicting with each other with regards to the originating IP addresses of the request. This is the result of a misconfiguration. You should either configure your proxy only to send one of these headers, or configure Symfony to distrust one of them.');
+            if (!$this->isClientIpsValid) {
+                return array('0.0.0.0');
+            }
+            $this->isClientIpsValid = false;
+
+            throw new ConflictingHeadersException('The request has both a trusted Forwarded header and a trusted Client IP header, conflicting with each other with regards to the originating IP addresses of the request. This is the result of a misconfiguration. You should either configure your proxy only to send one of these headers, or configure your project to distrust one of them.');
         }
 
         if (!$hasTrustedForwardedHeader && !$hasTrustedClientIpHeader) {
@@ -1199,7 +1207,7 @@ public function isSecure()
      *
      * @return string
      *
-     * @throws SuspiciousOperationException when the host name is invalid
+     * @throws SuspiciousOperationException when the host name is invalid or not trusted
      */
     public function getHost()
     {
@@ -1221,7 +1229,12 @@ public function getHost()
         // check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
         // use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
         if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) {
-            throw new SuspiciousOperationException(sprintf('Invalid Host "%s"', $host));
+            if (!$this->isHostValid) {
+                return '';
+            }
+            $this->isHostValid = false;
+
+            throw new SuspiciousOperationException(sprintf('Invalid Host "%s".', $host));
         }
 
         if (count(self::$trustedHostPatterns) > 0) {
@@ -1239,7 +1252,12 @@ public function getHost()
                 }
             }
 
-            throw new SuspiciousOperationException(sprintf('Untrusted Host "%s"', $host));
+            if (!$this->isHostValid) {
+                return '';
+            }
+            $this->isHostValid = false;
+
+            throw new SuspiciousOperationException(sprintf('Untrusted Host "%s".', $host));
         }
 
         return $host;
 
@@ -1873,7 +1873,7 @@ public function testTrustedHosts()
             $request->getHost();
             $this->fail('Request::getHost() should throw an exception when host is not trusted.');
         } catch (SuspiciousOperationException $e) {
-            $this->assertEquals('Untrusted Host "evil.com"', $e->getMessage());
+            $this->assertEquals('Untrusted Host "evil.com".', $e->getMessage());
         }
 
         // trusted hosts
 
@@ -12,7 +12,6 @@
 namespace Symfony\Component\HttpKernel\EventListener;
 
 use Psr\Log\LoggerInterface;
-use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
@@ -69,11 +68,7 @@ public function __construct($matcher, RequestStack $requestStack, RequestContext
     private function setCurrentRequest(Request $request = null)
     {
         if (null !== $request) {
-            try {
-                $this->context->fromRequest($request);
-            } catch (SuspiciousOperationException $e) {
-                // Do nothing.
-            }
+            $this->context->fromRequest($request);
         }
     }
 
 
@@ -16,8 +16,7 @@
 use Symfony\Component\HttpKernel\KernelEvents;
 
 /**
- * Validates that the headers and other information indicating the
- * client IP address of a request are consistent.
+ * Validates Requests.
  *
  * @author Magnus Nordlander <magnus@fervo.se>
  */
@@ -36,9 +35,10 @@ public function onKernelRequest(GetResponseEvent $event)
         $request = $event->getRequest();
 
         if ($request::getTrustedProxies()) {
-            // This will throw an exception if the headers are inconsistent.
             $request->getClientIps();
         }
+
+        $request->getHost();
     }
 
     /**
 
@@ -25,7 +25,7 @@
 use Symfony\Component\HttpKernel\Event\GetResponseForControllerResultEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpKernel\Event\PostResponseEvent;
-use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException;
+use Symfony\Component\HttpFoundation\Exception\RequestExceptionInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
@@ -67,8 +67,8 @@ public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQ
         try {
             return $this->handleRaw($request, $type);
         } catch (\Exception $e) {
-            if ($e instanceof ConflictingHeadersException) {
-                $e = new BadRequestHttpException('The request headers contain conflicting information regarding the origin of this request.', $e);
+            if ($e instanceof RequestExceptionInterface) {
+                $e = new BadRequestHttpException($e->getMessage(), $e);
             }
             if (false === $catch) {
                 $this->finishRequest($request, $type);
 
@@ -9,11 +9,17 @@
  * file that was distributed with this source code.
  */
 
-namespace Symfony\Component\HttpKernel\Tests\EventListener;
-
+use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Controller\ArgumentResolver;
+use Symfony\Component\HttpKernel\Controller\ControllerResolver;
+use Symfony\Component\HttpKernel\EventListener\ExceptionListener;
 use Symfony\Component\HttpKernel\EventListener\RouterListener;
+use Symfony\Component\HttpKernel\EventListener\ValidateRequestListener;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\HttpKernel;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\Routing\RequestContext;
 
@@ -154,4 +160,26 @@ public function getLoggingParameterData()
             array(array(), 'Matched route "{route}".', array('route' => 'n/a', 'route_parameters' => array(), 'request_uri' => 'http://localhost/', 'method' => 'GET')),
         );
     }
+
+    public function testWithBadRequest()
+    {
+        $requestStack = new RequestStack();
+
+        $requestMatcher = $this->getMock('Symfony\Component\Routing\Matcher\RequestMatcherInterface');
+        $requestMatcher->expects($this->never())->method('matchRequest');
+
+        $dispatcher = new EventDispatcher();
+        $dispatcher->addSubscriber(new ValidateRequestListener());
+        $dispatcher->addSubscriber(new RouterListener($requestMatcher, $requestStack, new RequestContext()));
+        $dispatcher->addSubscriber(new ExceptionListener(function () {
+            return new Response('Exception handled', 400);
+        }));
+
+        $kernel = new HttpKernel($dispatcher, new ControllerResolver(), $requestStack, new ArgumentResolver());
+
+        $request = Request::create('http://localhost/');
+        $request->headers->set('host', '###');
+        $response = $kernel->handle($request);
+        $this->assertSame(400, $response->getStatusCode());
+    }
 }
@@ -18,7 +18,7 @@
     "require": {
         "php": ">=5.5.9",
         "symfony/event-dispatcher": "~2.8|~3.0",
-        "symfony/http-foundation": "~2.8.13|~3.1.6|~3.2",
+        "symfony/http-foundation": "~3.3",
         "symfony/debug": "~2.8|~3.0",
         "psr/log": "~1.0"
     },
Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,8 @@`
`14`	`14`	`/**`
`15`	`15`	`* The HTTP request contains headers with conflicting information.`
`16`	`16`	`*`
`17`		`- * This exception should trigger an HTTP 400 response in your application code.`
`18`		`- *`
`19`	`17`	`* @author Magnus Nordlander <magnus@fervo.se>`
`20`	`18`	`*/`
`21`		`-class ConflictingHeadersException extends \RuntimeException`
	`19`	`+class ConflictingHeadersException extends \UnexpectedValueException implements RequestExceptionInterface`
`22`	`20`	`{`
`23`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,6 @@`
`15`	`15`	`* Raised when a user has performed an operation that should be considered`
`16`	`16`	`* suspicious from a security perspective.`
`17`	`17`	`*/`
`18`		`-class SuspiciousOperationException extends \UnexpectedValueException`
	`18`	`+class SuspiciousOperationException extends \UnexpectedValueException implements RequestExceptionInterface`
`19`	`19`	`{`
`20`	`20`	`}`
Original file line number	Diff line number	Diff line change
`@@ -207,6 +207,9 @@ class Request`
`207`	`207`
`208`	`208`	`protected static $requestFactory;`
`209`	`209`
	`210`	`+ private $isHostValid = true;`
	`211`	`+ private $isClientIpsValid = true;`
	`212`	`+`
`210`	`213`	`/**`
`211`	`214`	`* Constructor.`
`212`	`215`	`*`
`@@ -820,7 +823,12 @@ public function getClientIps()`
`820`	`823`	`}`
`821`	`824`
`822`	`825`	`if ($hasTrustedForwardedHeader && $hasTrustedClientIpHeader && $forwardedClientIps !== $xForwardedForClientIps) {`
`823`		`- throw new ConflictingHeadersException('The request has both a trusted Forwarded header and a trusted Client IP header, conflicting with each other with regards to the originating IP addresses of the request. This is the result of a misconfiguration. You should either configure your proxy only to send one of these headers, or configure Symfony to distrust one of them.');`
	`826`	`+ if (!$this->isClientIpsValid) {`
	`827`	`+ return array('0.0.0.0');`
	`828`	`+ }`
	`829`	`+ $this->isClientIpsValid = false;`
	`830`	`+`
	`831`	`+ throw new ConflictingHeadersException('The request has both a trusted Forwarded header and a trusted Client IP header, conflicting with each other with regards to the originating IP addresses of the request. This is the result of a misconfiguration. You should either configure your proxy only to send one of these headers, or configure your project to distrust one of them.');`
`824`	`832`	`}`
`825`	`833`
`826`	`834`	`if (!$hasTrustedForwardedHeader && !$hasTrustedClientIpHeader) {`
`@@ -1199,7 +1207,7 @@ public function isSecure()`
`1199`	`1207`	`*`
`1200`	`1208`	`* @return string`
`1201`	`1209`	`*`
`1202`		`- * @throws SuspiciousOperationException when the host name is invalid`
	`1210`	`+ * @throws SuspiciousOperationException when the host name is invalid or not trusted`
`1203`	`1211`	`*/`
`1204`	`1212`	`public function getHost()`
`1205`	`1213`	`{`
`@@ -1221,7 +1229,12 @@ public function getHost()`
`1221`	`1229`	`// check that it does not contain forbidden characters (see RFC 952 and RFC 2181)`
`1222`	`1230`	`// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names`
`1223`	`1231`	`if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) {`
`1224`		`- throw new SuspiciousOperationException(sprintf('Invalid Host "%s"', $host));`
	`1232`	`+ if (!$this->isHostValid) {`
	`1233`	`+ return '';`
	`1234`	`+ }`
	`1235`	`+ $this->isHostValid = false;`
	`1236`	`+`
	`1237`	`+ throw new SuspiciousOperationException(sprintf('Invalid Host "%s".', $host));`
`1225`	`1238`	`}`
`1226`	`1239`
`1227`	`1240`	`if (count(self::$trustedHostPatterns) > 0) {`
`@@ -1239,7 +1252,12 @@ public function getHost()`
`1239`	`1252`	`}`
`1240`	`1253`	`}`
`1241`	`1254`
`1242`		`- throw new SuspiciousOperationException(sprintf('Untrusted Host "%s"', $host));`
	`1255`	`+ if (!$this->isHostValid) {`
	`1256`	`+ return '';`
	`1257`	`+ }`
	`1258`	`+ $this->isHostValid = false;`
	`1259`	`+`
	`1260`	`+ throw new SuspiciousOperationException(sprintf('Untrusted Host "%s".', $host));`
`1243`	`1261`	`}`
`1244`	`1262`
`1245`	`1263`	`return $host;`
Original file line number	Diff line number	Diff line change
`@@ -1873,7 +1873,7 @@ public function testTrustedHosts()`
`1873`	`1873`	`$request->getHost();`
`1874`	`1874`	`$this->fail('Request::getHost() should throw an exception when host is not trusted.');`
`1875`	`1875`	`} catch (SuspiciousOperationException $e) {`
`1876`		`- $this->assertEquals('Untrusted Host "evil.com"', $e->getMessage());`
	`1876`	`+ $this->assertEquals('Untrusted Host "evil.com".', $e->getMessage());`
`1877`	`1877`	`}`
`1878`	`1878`
`1879`	`1879`	`// trusted hosts`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,6 @@`
`12`	`12`	`namespace Symfony\Component\HttpKernel\EventListener;`
`13`	`13`
`14`	`14`	`use Psr\Log\LoggerInterface;`
`15`		`-use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;`
`16`	`15`	`use Symfony\Component\HttpKernel\Event\GetResponseEvent;`
`17`	`16`	`use Symfony\Component\HttpKernel\Event\FinishRequestEvent;`
`18`	`17`	`use Symfony\Component\HttpKernel\KernelEvents;`
`@@ -69,11 +68,7 @@ public function __construct($matcher, RequestStack $requestStack, RequestContext`
`69`	`68`	`private function setCurrentRequest(Request $request = null)`
`70`	`69`	`{`
`71`	`70`	`if (null !== $request) {`
`72`		`- try {`
`73`		`- $this->context->fromRequest($request);`
`74`		`- } catch (SuspiciousOperationException $e) {`
`75`		`- // Do nothing.`
`76`		`- }`
	`71`	`+ $this->context->fromRequest($request);`
`77`	`72`	`}`
`78`	`73`	`}`
`79`	`74`
Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,7 @@`
`16`	`16`	`use Symfony\Component\HttpKernel\KernelEvents;`
`17`	`17`
`18`	`18`	`/**`
`19`		`- * Validates that the headers and other information indicating the`
`20`		`- * client IP address of a request are consistent.`
	`19`	`+ * Validates Requests.`
`21`	`20`	`*`
`22`	`21`	`* @author Magnus Nordlander <magnus@fervo.se>`
`23`	`22`	`*/`
`@@ -36,9 +35,10 @@ public function onKernelRequest(GetResponseEvent $event)`
`36`	`35`	`$request = $event->getRequest();`
`37`	`36`
`38`	`37`	`if ($request::getTrustedProxies()) {`
`39`		`- // This will throw an exception if the headers are inconsistent.`
`40`	`38`	`$request->getClientIps();`
`41`	`39`	`}`
	`40`	`+`
	`41`	`+ $request->getHost();`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`/**`