8000 bug #28144 [HttpFoundation] fix false-positive ConflictingHeadersExce… · symfony/symfony@74a4cea · GitHub

Commit 74a4cea

bug #28144 [HttpFoundation] fix false-positive ConflictingHeadersException (nicolas-grekas)
This PR was merged into the 2.8 branch. Discussion ---------- [HttpFoundation] fix false-positive ConflictingHeadersException | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #28153 | License | MIT | Doc PR | - Fixes https://jira.ez.no/browse/EZP-29492 & https://jira.ez.no/browse/EZP-29497 Ping @andrerom Commits ------- 6089290 [HttpFoundation] fix false-positive ConflictingHeadersException
2 parents a540aee + 6089290 commit 74a4cea


2 files changed

+66
-6
lines changed


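--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1943,10 +1943,13 @@ private function getTrustedValues($type, $ip = null)
 
 if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
 $forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
-$forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
+$forwardedValues = preg_match_all(sprintf('{(?:%s)="?([a-zA-Z0-9\.:_\-/\[\]]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
 if (self::HEADER_CLIENT_PORT === $type) {
 foreach ($forwardedValues as $k => $v) {
-$forwardedValues[$k] = substr_replace($v, '0.0.0.0', 0, strrpos($v, ':'));
+if (']' === substr($v, -1) || false === $v = strrchr($v, ':')) {
+$v = $this->isSecure() ? ':443' : ':80';
+}
+$forwardedValues[$k] = '0.0.0.0'.$v;
 }
 }
 }
@@ -1981,9 +1984,17 @@ private function normalizeAndFilterClientIps(array $clientIps, $ip)
 $firstTrustedIp = null;
 
 foreach ($clientIps as $key => $clientIp) {
-// Remove port (unfortunately, it does happen)
-if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
-$clientIps[$key] = $clientIp = $match[1];
+if (strpos($clientIp, '.')) {
+// Strip :port from IPv4 addresses. This is allowed in Forwarded
+// and may occur in X-Forwarded-For.
+$i = strpos($clientIp, ':');
+if ($i) {
+$clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
+}
+} elseif ('[' == $clientIp[0]) {
+// Strip brackets and :port from IPv6 addresses.
+$i = strpos($clientIp, ']', 1);
+$clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);
 }
 
 if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {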
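Review bot: In the second hunk, the `elseif ('[' == $clientIp[0])` branch uses the result of `strpos($clientIp, ']', 1)` without checking it for `false`. When the closing bracket is missing, `$i - 1` evaluates to -1 and `substr()` merely drops the last character, so a malformed entry such as `[::1` becomes `::`, which is a syntactically valid address and would pass the `FILTER_VALIDATE_IP` check that follows rather than being rejected. Guarding the assignment with `if (false !== $i) { $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1); }` leaves the malformed value intact for that check to refuse. If an empty entry can reach this loop (the callers are outside the hunk), `$clientIp[0]` also reads an undefined offset, so `'' !== $clientIp &&` in front of the comparison would be safer. The loop body continues past the end of the hunk.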

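--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -967,7 +967,7 @@ public function testGetClientIpsWithAgreeingHeaders($httpForwarded, $httpXForwar
 'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
 );
 
-Request::setTrustedProxies(array('88.88.88.88'));
+Request::setTrustedProxies(array('88.88.88.88'), -1);
 
 $request->initialize(array(), array(), array(), array(), array(), $server);
 
@@ -2071,6 +2071,55 @@ public function testNonstandardRequests($requestUri, $queryString, $expectedPath
 $this->assertEquals($expectedBaseUrl, $request->getBaseUrl());
 $this->assertEquals($expectedBasePath, $request->getBasePath());
 }
+
+public function testTrustedHost()
+{
+Request::setTrustedProxies(array('1.1.1.1'), -1);
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host=localhost:8080');
+$request->headers->set('X-Forwarded-Host', 'localhost:8080');
+
+$this->assertSame('localhost:8080', $request->getHttpHost());
+$this->assertSame(8080, $request->getPort());
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host="[::1]:443"');
+$request->headers->set('X-Forwarded-Host', '[::1]:443');
+$request->headers->set('X-Forwarded-Port', 443);
+
+$this->assertSame('[::1]:443', $request->getHttpHost());
+$this->assertSame(443, $request->getPort());
+}
+
+public function testTrustedPort()
+{
+Request::setTrustedProxies(array('1.1.1.1'), -1);
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host=localhost:8080');
+$request->headers->set('X-Forwarded-Port', 8080);
+
+$this->assertSame(8080, $request->getPort());
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host=localhost');
+$request->headers->set('X-Forw 9D2A arded-Port', 80);
+
+$this->assertSame(80, $request->getPort());
+
+$request = Request::create('/');
+$request->server->set('REMOTE_ADDR', '1.1.1.1');
+$request->headers->set('Forwarded', 'host="[::1]"');
+$request->headers->set('X-Forwarded-Proto', 'https');
+$request->headers->set('X-Forwarded-Port', 443);
+
+$this->assertSame(443, $request->getPort());
+}
 }
 
 class RequestContentProxy extends Request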
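Review bot: `testTrustedHost` and `testTrustedPort` exercise only well-formed `Forwarded` values, and only the host/port path; nothing added here drives the new bracket and `:port` stripping in `normalizeAndFilterClientIps` through `getClientIps()`. Unless the data provider of `testGetClientIpsWithAgreeingHeaders` (outside this view) already does so, a case with `for="[::1]:443"` next to a matching `X-Forwarded-For`, plus one with an unterminated bracket that must not yield a client IP, would pin that behaviour. Both tests also set static trusted-proxy state with `Request::setTrustedProxies(array('1.1.1.1'), -1)`; whether it is reset afterwards is not visible here.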
