Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
bug #32096 Don't assume port 0 for X-Forwarded-Port (alexbowers, xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

Don't assume port 0 for X-Forwarded-Port

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | none added
| Fixed tickets |
| License       | MIT
| Doc PR        | -

If you use X-Forwarded-Host but don't provide X-Forwarded-Port, it will default to `0.0.0.0:` which then assumes port `0` instead of following its default assumption based on the scheme.

Commits
-------

adcdd93 PHP 5 compat
6c49a0c Add test case
c266d6c Update Request.php
23db9be Don't assume port 0 for X-Forwarded-Port
  • Loading branch information
fabpot committed Jul 8, 2019
2 parents feab919 + adcdd93 commit 931965a
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/Symfony/Component/HttpFoundation/Request.php
Expand Up @@ -1037,8 +1037,8 @@ public function getPort()
$pos = strrpos($host, ':');
}

if (false !== $pos) {
return (int) substr($host, $pos + 1);
if (false !== $pos && $port = substr($host, $pos + 1)) {
return (int) $port;
}

return 'https' === $this->getScheme() ? 443 : 80;
Expand Down
12 changes: 12 additions & 0 deletions src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Expand Up @@ -2427,6 +2427,18 @@ public function testTrustedPort()

$this->assertSame(443, $request->getPort());
}

public function testTrustedPortDoesNotDefaultToZero()
{
Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);

$request = Request::create('/');
$request->server->set('REMOTE_ADDR', '1.1.1.1');
$request->headers->set('X-Forwarded-Host', 'test.example.com');
$request->headers->set('X-Forwarded-Port', null);

$this->assertSame(80, $request->getPort());
}
}

class RequestContentProxy extends Request
Expand Down

0 comments on commit 931965a

Please sign in to comment.