Merge branch '2.8' into 3.4
* 2.8:
  [HttpFoundation] fix false-positive ConflictingHeadersException
nicolas-grekas committed Aug 8, 2018
2 parents a852df2 + 74a4cea commit 2bae183
Showing 2 changed files with 66 additions and 6 deletions.
21 changes: 16 additions & 5 deletions src/Symfony/Component/HttpFoundation/Request.php
Expand Up @@ -2086,10 +2086,13 @@ private function getTrustedValues($type, $ip = null)

if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
$forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
$forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
$forwardedValues = preg_match_all(sprintf('{(?:%s)="?([a-zA-Z0-9\.:_\-/\[\]]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
if (self::HEADER_CLIENT_PORT === $type) {
foreach ($forwardedValues as $k => $v) {
$forwardedValues[$k] = substr_replace($v, '0.0.0.0', 0, strrpos($v, ':'));
if (']' === substr($v, -1) || false === $v = strrchr($v, ':')) {
$v = $this->isSecure() ? ':443' : ':80';
}
$forwardedValues[$k] = '0.0.0.0'.$v;
}
}
}
Expand Down Expand Up @@ -2124,9 +2127,17 @@ private function normalizeAndFilterClientIps(array $clientIps, $ip)
$firstTrustedIp = null;

foreach ($clientIps as $key => $clientIp) {
// Remove port (unfortunately, it does happen)
if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
$clientIps[$key] = $clientIp = $match[1];
if (strpos($clientIp, '.')) {
// Strip :port from IPv4 addresses. This is allowed in Forwarded
// and may occur in X-Forwarded-For.
$i = strpos($clientIp, ':');
if ($i) {
$clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
}
} elseif ('[' == $clientIp[0]) {
// Strip brackets and :port from IPv6 addresses.
$i = strpos($clientIp, ']', 1);
$clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);
}

if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {
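Review bot: In the bracketed-IPv6 branch of normalizeAndFilterClientIps(), the result of `strpos($clientIp, ']', 1)` is used without a check for `false`, so a value that opens with `[` but never closes it has its last character cut off by `substr($clientIp, 1, $i - 1)` and can then pass `filter_var()` as a different, valid address instead of being discarded. Guarding the strip leaves the malformed value intact so the validation below rejects it: `if (false !== $i = strpos($clientIp, ']', 1)) { $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1); }`. The same branch reads `$clientIp[0]` with no emptiness check, and the Forwarded pattern in the first hunk can capture an empty string (`*+`), so `} elseif ('' !== $clientIp && '[' === $clientIp[0]) {` would avoid an uninitialized-offset notice if such a value reaches this loop. The function body continues outside the hunk, so what happens to entries that fail `filter_var()` is not visible here.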
51 changes: 50 additions & 1 deletion src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Expand Up @@ -1019,7 +1019,7 @@ public function testGetClientIpsWithAgreeingHeaders($httpForwarded, $httpXForwar
'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
);

Request::setTrustedProxies(array('88.88.88.88'), Request::HEADER_X_FORWARDED_ALL);
Request::setTrustedProxies(array('88.88.88.88'), -1);

$request->initialize(array(), array(), array(), array(), array(), $server);

Expand Down Expand Up @@ -2277,6 +2277,55 @@ public function testNonstandardRequests($requestUri, $queryString, $expectedPath
$this->assertEquals($expectedBaseUrl, $request->getBaseUrl());
$this->assertEquals($expectedBasePath, $request->getBasePath());
}

public function testTrustedHost()
{
Request::setTrustedProxies(array('1.1.1.1'), -1);

$request = Request::create('/');
$request->server->set('REMOTE_ADDR', '1.1.1.1');
$request->headers->set('Forwarded', 'host=localhost:8080');
$request->headers->set('X-Forwarded-Host', 'localhost:8080');

$this->assertSame('localhost:8080', $request->getHttpHost());
$this->assertSame(8080, $request->getPort());

$request = Request::create('/');
$request->server->set('REMOTE_ADDR', '1.1.1.1');
$request->headers->set('Forwarded', 'host="[::1]:443"');
$request->headers->set('X-Forwarded-Host', '[::1]:443');
$request->headers->set('X-Forwarded-Port', 443);

$this->assertSame('[::1]:443', $request->getHttpHost());
$this->assertSame(443, $request->getPort());
}

public function testTrustedPort()
{
Request::setTrustedProxies(array('1.1.1.1'), -1);

$request = Request::create('/');
$request->server->set('REMOTE_ADDR', '1.1.1.1');
$request->headers->set('Forwarded', 'host=localhost:8080');
$request->headers->set('X-Forwarded-Port', 8080);

$this->assertSame(8080, $request->getPort());

$request = Request::create('/');
$request->server->set('REMOTE_ADDR', '1.1.1.1');
$request->headers->set('Forwarded', 'host=localhost');
$request->headers->set('X-Forwarded-Port', 80);

$this->assertSame(80, $request->getPort());

$request = Request::create('/');
$request->server->set('REMOTE_ADDR', '1.1.1.1');
$request->headers->set('Forwarded', 'host="[::1]"');
$request->headers->set('X-Forwarded-Proto', 'https');
$request->headers->set('X-Forwarded-Port', 443);

$this->assertSame(443, $request->getPort());
}
}

class RequestContentProxy extends Request
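Review bot: testTrustedHost() and testTrustedPort() only assert cases where Forwarded and the X-Forwarded-* headers agree, so nothing in the visible hunks pins that a genuine disagreement is still rejected now that the port and host comparison accepts more shapes. That check is what keeps a spoofed forwarding header from being accepted behind a trusted proxy, so a negative case belongs next to these, for example `$request->headers->set('Forwarded', 'host=localhost:8080');` together with `$request->headers->set('X-Forwarded-Port', 8081);`, expecting `getPort()` to raise ConflictingHeadersException (presumably; confirm against the comparison in getTrustedValues()). The bare `-1` passed to setTrustedProxies() would also read better with a comment such as `// -1: all header bits set, so Forwarded is trusted as well as X-Forwarded-*`. Both tests set static trusted-proxy state, and whether it is reset afterwards depends on a tearDown that is outside the visible section.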
