From 736fedfb07f1667df785cb4f448787dd6b5701e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kinn=20Coelho=20Juli=C3=A3o?=
Date: Wed, 3 Apr 2013 16:23:30 -0400
Subject: [PATCH 1/3] Getting the real customer address for the getClientIp InlineFragmentRenderer should add the X-Forwarded-For of real client IP, just like EsiFragmentRenderer expects. To this work, the getClientIp was updated with a fix for that.
---
 src/Symfony/Component/HttpFoundation/Request.php | 12 ++++++++++++
 .../HttpKernel/Fragment/InlineFragmentRenderer.php | 3 ---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
index f3e75c78482a..4375c598eab0 100644
--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -696,6 +696,18 @@ public function getClientIp()
 $clientIps[] = $ip;
 $trustedProxies = self::$trustProxy && !self::$trustedProxies ? array($ip) : self::$trustedProxies;
+
+ //If is there any forward_for IP address, this is the real client IP address
+ if ($this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
+ return $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP]);
+ }
+
+ //If it is not a forwarded IP, the Client IP should be in the trusted proxies
+ if (!$this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
+ array_push($trustedProxies, $this->getClientIp());
+ $this->setTrustedProxies($trustedProxies);
+ }
+
 $clientIps = array_diff($clientIps, $trustedProxies);
 return array_pop($clientIps);
diff --git a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
index 928d395f0df4..6baa8ef74c9f 100644
--- a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
+++ b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
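Review bot: The early return added right after the `$trustedProxies = ...` line hands back the raw forwarded-for header whenever it is present, so the `array_diff($clientIps, $trustedProxies)` and `array_pop($clientIps)` lines below it no longer decide anything on that path. The left-hand entries of that header are supplied by whoever sent the request, so address-based access rules, rate limits and audit logs downstream would be keyed on unverified data; the patch 2/3 hunk at `-699,7` narrows the return to the first list element, which is the least trustworthy one. I would drop the new `if (...->has(...)) { return ...; }` block and keep the existing selection of the last entry that is not in `$trustedProxies`. getClientIp() starts and ends outside this hunk, so any earlier guard on the trusted-header setting is not visible here.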
@@ -86,9 +86,6 @@ protected function createSubRequest($uri, Request $request)
 $cookies = $request->cookies->all();
 $server = $request->server->all();
- // the sub-request is internal
- $server['REMOTE_ADDR'] = '127.0.0.1';
-
 $subRequest = $request::create($uri, 'get', array(), $cookies, array(), $server);
 if ($session = $request->getSession()) {
 $subRequest->setSession($session);
From 9fbd9ff32c494d7980fd92802700a08c6960492e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kinn=20Coelho=20Juli=C3=A3o?=
Date: Wed, 3 Apr 2013 17:28:06 -0400
Subject: [PATCH 2/3] [HttpKernel] Fixed request getClientIp according to The general format of [X-Forwarded-For: client, proxy1, proxy2]
---
 src/Symfony/Component/HttpFoundation/Request.php | 7 ++++++-
 .../Component/HttpFoundation/Tests/RequestTest.php | 12 ++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
index 4375c598eab0..902289ac7978 100644
--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -699,7 +699,12 @@ public function getClientIp()
 //If is there any forward_for IP address, this is the real client IP address
 if ($this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
- return $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP]);
+ $forwarded = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP]);
+ $forwarded = explode(",",$forwarded);
+ $forwarded = trim($forwarded[0]);
+
+
+ return $forwarded;
 }
 //If it is not a forwarded IP, the Client IP should be in the trusted proxies
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
index c5c81b26a0cd..6a04145d1ec5 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
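Review bot: `trim($forwarded[0])` in the Request.php hunk at `-699,7` is returned without any check that it is an IP address, so an empty string or arbitrary header text becomes the reported client address. Callers that log it, store it or compare it against allow-lists would then be handling free-form request data; returning only when `filter_var($forwarded, FILTER_VALIDATE_IP)` succeeds, and otherwise falling through to the `array_diff` path, would contain that. On style, `explode(",",$forwarded)` is missing the space after the comma, the two consecutive blank added lines can go, and `$forwarded` is reused for a string, then an array, then a string again. The enclosing function continues outside the hunk.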
@@ -769,9 +769,9 @@ public function testGetClientIpProvider()
 array('127.0.0.1', false, '127.0.0.1', '88.88.88.88', null),
 array('88.88.88.88', true, '127.0.0.1', '88.88.88.88', null),
 array('2620:0:1cfe:face:b00c::3', true, '::1', '2620:0:1cfe:face:b00c::3', null),
- array('88.88.88.88', true, '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', null),
- array('87.65.43.21', true, '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', array('123.45.67.89', '88.88.88.88')),
- array('87.65.43.21', false, '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', array('123.45.67.89', '88.88.88.88')),
+ array('127.0.0.1', true, '123.45.67.89', '127.0.0.1, 88.88.88.88, 87.65.43.21', null),
+ array('127.0.0.1', true, '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', array('123.45.67.89', '88.88.88.88')),
+ array('127.0.0.1', false, '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', array('123.45.67.89', '88.88.88.88')),
 );
 }
@@ -1281,7 +1281,7 @@ public function testTrustedProxies()
 $request->headers->set('X_FORWARDED_HOST', 'foo.example.com, real.example.com:8080');
 $request->headers->set('X_FORWARDED_PROTO', 'https');
 $request->headers->set('X_FORWARDED_PORT', 443);
- $request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4');
+ $request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4');//X-Forwarded-For: client[3.3.3.3], proxy1, proxy2
 $request->headers->set('X_MY_HOST', 'my.example.com');
 $request->headers->set('X_MY_PROTO', 'http');
 $request->headers->set('X_MY_PORT', 81);
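Review bot: The three replaced rows in testGetClientIpProvider now expect `127.0.0.1` for a request whose third element (apparently the remote address) is `123.45.67.89`, only because `127.0.0.1` is the first entry of the forwarded-for string. That pins a behaviour in which a remote peer is reported as loopback, and the last element of each row, which looks like the trusted-proxy list, no longer influences the expected value, so the filtering is left without coverage. The `'4.4.4.4'` to `'3.3.3.3'` assertion change in testTrustedProxies at `-1306,12` has the same effect. I would keep the original expected values, which already cover a header whose first entry is a loopback address that must not be returned.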
@@ -1306,12 +1306,12 @@ public function testTrustedProxies()
 $this->assertEquals(443, $request->getPort());
 $this->assertTrue($request->isSecure());
- // custom header names
+ // custom header names : X-Forwarded-For: client[3.3.3.3], proxy1, proxy2
 Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR');
 Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_MY_HOST');
 Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_MY_PORT');
 Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_MY_PROTO');
- $this->assertEquals('4.4.4.4', $request->getClientIp());
+ $this->assertEquals('3.3.3.3', $request->getClientIp());
 $this->assertEquals('my.example.com', $request->getHost());
 $this->assertEquals(81, $request->getPort());
 $this->assertFalse($request->isSecure());
From 8d0a0b0b3aea62ab598fd40ce89008611709675a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kinn=20Coelho=20Juli=C3=A3o?=
Date: Wed, 3 Apr 2013 17:34:52 -0400
Subject: [PATCH 3/3] [HttpKernel] Removing unecessary validation
---
 src/Symfony/Component/HttpFoundation/Request.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
index 902289ac7978..20801299b140 100644
--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -708,10 +708,8 @@ public function getClientIp()
 }
 //If it is not a forwarded IP, the Client IP should be in the trusted proxies
- if (!$this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
- array_push($trustedProxies, $this->getClientIp());
- $this->setTrustedProxies($trustedProxies);
- }
+ array_push($trustedProxies, $this->getClientIp());
+ $this->setTrustedProxies($trustedProxies);
 $clientIps = array_diff($clientIps, $trustedProxies);
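Review bot: `array_push($trustedProxies, $this->getClientIp());` in the Request.php hunk at `-708,10` calls getClientIp() from inside getClientIp(), and with the surrounding `if` removed it runs on every path that gets past the early return added in patch 2/3, so unless a guard outside this hunk returns first the call recurses without a base case. The following `$this->setTrustedProxies($trustedProxies);` then writes a request-derived address into the trusted-proxy list from inside a getter; the earlier hunk shows `$trustedProxies` being read from `self::$trustedProxies`, so this looks like shared static state that would persist and widen trust for later requests. I would delete both added lines and leave the trusted list to explicit configuration. The function body starts and ends outside the hunk.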