Merge branch '4.1' · symfony/symfony@4e4b216 · GitHub

Commit 4e4b216

Merge branch '4.1'
* 4.1: [HttpKernel] fix forwarding trusted headers as server parameters
2 parents c099d86 + 3ac90c1 commit 4e4b216


4 files changed

+22
-7
lines changed


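--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -2010,7 +2010,7 @@ private function normalizeAndFilterClientIps(array $clientIps, $ip)
 if ($i) {
 $clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
 }
-} elseif ('[' == $clientIp[0]) {
+} elseif (0 === strpos($clientIp, '[')) {
 // Strip brackets and :port from IPv6 addresses.
 $i = strpos($clientIp, ']', 1);
 $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);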
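Review bot: The `strpos($clientIp, ']', 1)` result right after the changed condition is used unchecked, so a bracketed value with no closing `]` yields `false` and `substr($clientIp, 1, $i - 1)` merely trims the last character instead of rejecting the entry. The new `0 === strpos($clientIp, '[')` test appears to handle the empty-string case, but this branch still parses proxy-supplied text and should fail closed, e.g. `if (false === $i = strpos($clientIp, ']', 1)) { unset($clientIps[$key]); continue; }`. The function body starts and ends outside the hunk, so the `continue` assumes an enclosing loop over `$clientIps`, and a later validation step may already discard such values.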

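--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -906,7 +906,7 @@ public function getClientIpsForwardedProvider()
 
 public function getClientIpsProvider()
 {
-// $expected $remoteAddr $httpForwardedFor $trustedProxies
+// $expected $remoteAddr $httpForwardedFor $trustedProxies
 return array(
 // simple IPv4
 array(array('88.88.88.88'), '88.88.88.88', null, null),
@@ -920,8 +920,8 @@ public function getClientIpsProvider()
 
 // forwarded for with remote IPv4 addr not trusted
 array(array('127.0.0.1'), '127.0.0.1', '88.88.88.88', null),
-// forwarded for with remote IPv4 addr trusted
-array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88', array('127.0.0.1')),
+// forwarded for with remote IPv4 addr trusted + comma
+array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88,', array('127.0.0.1')),
 // forwarded for with remote IPv4 and all FF addrs trusted
 array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88', array('127.0.0.1', '88.88.88.88')),
 // forwarded for with remote IPv4 range trusted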
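Review bot: The trailing-comma input in the second hunk replaces the existing `'88.88.88.88'` row instead of sitting next to it, so the plain single-trusted-proxy case is no longer exercised with `array('127.0.0.1')` as `$trustedProxies`. Keeping the old row and adding `array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88,', array('127.0.0.1')),` as a separate entry under its own `+ comma` comment would cover both inputs. The provider array continues outside the hunk, so another row may already cover the plain case.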

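--- a/src/Symfony/Component/HttpKernel/HttpCache/SubRequestHandler.php
+++ b/src/Symfony/Component/HttpKernel/HttpCache/SubRequestHandler.php
@@ -41,6 +41,7 @@ public static function handle(HttpKernelInterface $kernel, Request $request, $ty
 );
 foreach (array_filter($trustedHeaders) as $name => $key) {
 $request->headers->remove($name);
+$request->server->remove('HTTP_'.$name);
 }
 }
 
@@ -59,13 +60,16 @@ public static function handle(HttpKernelInterface $kernel, Request $request, $ty
 // set trusted values, reusing as much as possible the global trusted settings
 if (Request::HEADER_FORWARDED & $trustedHeaderSet) {
 $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme());
-$request->headers->set('Forwarded', implode(', ', $trustedValues));
+$request->headers->set('Forwarded', $v = implode(', ', $trustedValues));
+$request->server->set('HTTP_FORWARDED', $v);
 }
 if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) {
-$request->headers->set('X-Forwarded-For', implode(', ', $trustedIps));
+$request->headers->set('X-Forwarded-For', $v = implode(', ', $trustedIps));
+$request->server->set('HTTP_X_FORWARDED_FOR', $v);
 } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) {
 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR);
-$request->headers->set('X-Forwarded-For', implode(', ', $trustedIps));
+$request->headers->set('X-Forwarded-For', $v = implode(', ', $trustedIps));
+$request->server->set('HTTP_X_FORWARDED_FOR', $v);
 }
 
 // fix the client IP address by setting it to 127.0.0.1,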
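Review bot: The added `$request->server->remove('HTTP_'.$name);` in the first hunk only matches if the keys of `$trustedHeaders` are already in upper-case, underscore form, because the server bag is looked up by exact key while `headers->remove($name)` normalises case and separators. The array is defined above the hunk, so this cannot be confirmed here; if a key were ever written as `X-Forwarded-For`, the header would be dropped but the client-supplied `HTTP_X_FORWARDED_FOR` server parameter would survive into the sub-request. I would document the dependency at the loop, `// keys must be in $_SERVER form (e.g. X_FORWARDED_FOR): 'HTTP_'.$name is matched exactly`, or normalise explicitly with `'HTTP_'.strtoupper(str_replace('-', '_', $name))`. The second hunk repeats the header/server pair three times and would read better without the `$v = implode(...)` assignment inside the call argument.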

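--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
@@ -45,6 +45,8 @@ public function testRenderWithObjectsAsAttributes()
 $subRequest->attributes->replace(array('object' => $object, '_format' => 'html', '_controller' => 'main_controller', '_locale' => 'en'));
 $subRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
 $subRequest->headers->set('forwarded', array('for="127.0.0.1";host="localhost";proto=http'));
+$subRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+$subRequest->server->set('HTTP_FORWARDED', 'for="127.0.0.1";host="localhost";proto=http');
 
 $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($subRequest));
 
@@ -57,6 +59,7 @@ public function testRenderWithTrustedHeaderDisabled()
 
 $expectedSubRequest = Request::create('/');
 $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
+$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
 
 $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($expectedSubRequest));
 $this->assertSame('foo', $strategy->render('/', Request::create('/'))->getContent());
@@ -149,8 +152,10 @@ public function testESIHeaderIsKeptInSubrequest()
 
 if (Request::HEADER_X_FORWARDED_FOR & Request::getTrustedHeaderSet()) {
 $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
+$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
 }
 $expectedSubRequest->headers->set('forwarded', array('for="127.0.0.1";host="localhost";proto=http'));
+$expectedSubRequest->server->set('HTTP_FORWARDED', 'for="127.0.0.1";host="localhost";proto=http');
 
 $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($expectedSubRequest));
 
@@ -173,6 +178,8 @@ public function testHeadersPossiblyResultingIn304AreNotAssignedToSubrequest()
 $expectedSubRequest = Request::create('/');
 $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
 $expectedSubRequest->headers->set('forwarded', array('for="127.0.0.1";host="localhost";proto=http'));
+$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+$expectedSubRequest->server->set('HTTP_FORWARDED', 'for="127.0.0.1";host="localhost";proto=http');
 
 $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($expectedSubRequest));
 $request = Request::create('/', 'GET', array(), array(), array(), array('HTTP_IF_MODIFIED_SINCE' => 'Fri, 01 Jan 2016 00:00:00 GMT', 'HTTP_IF_NONE_MATCH' => '*'));
@@ -188,6 +195,8 @@ public function testFirstTrustedProxyIsSetAsRemote()
 $expectedSubRequest->server->set('REMOTE_ADDR', '127.0.0.1');
 $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
 $expectedSubRequest->headers->set('forwarded', array('for="127.0.0.1";host="localhost";proto=http'));
+$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+$expectedSubRequest->server->set('HTTP_FORWARDED', 'for="127.0.0.1";host="localhost";proto=http');
 
 $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($expectedSubRequest));
 
@@ -205,6 +214,8 @@ public function testIpAddressOfRangedTrustedProxyIsSetAsRemote()
 $expectedSubRequest->server->set('REMOTE_ADDR', '127.0.0.1');
 $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
 $expectedSubRequest->headers->< 5625 span class=pl-en>set('forwarded', array('for="127.0.0.1";host="localhost";proto=http'));
+$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+$expectedSubRequest->server->set('HTTP_FORWARDED', 'for="127.0.0.1";host="localhost";proto=http');
 
 Request::setTrustedProxies(array('1.1.1.1/24'), -1);
 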
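Review bot: None of the visible tests starts from an incoming request that already carries a forwarded value in its server parameters, so the new `server->remove('HTTP_'.$name)` path in SubRequestHandler is not pinned by an assertion in these hunks; they only add the expected `HTTP_X_FORWARDED_FOR`/`HTTP_FORWARDED` values. A case that builds the incoming request with `Request::create('/', 'GET', array(), array(), array(), array('HTTP_X_FORWARDED_FOR' => '10.0.0.1'))` (constructed value) and expects the sub-request to carry only the handler-set value would guard against stale client-supplied values leaking through. The test methods start and end outside the hunks, so coverage elsewhere in the file cannot be ruled out. The repeated header/server pair could also move into a small private helper.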
