Merge branch 'hotfix/4581' into develop

Forward port zendframework/zendframework#4581
zendframework · Jun 10, 2013 · cb6a993 · cb6a993
commit cb6a993
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 8 deletions.
diff --git a/src/PhpEnvironment/Request.php b/src/PhpEnvironment/Request.php
@@ -14,6 +14,7 @@
 use Zend\Stdlib\Parameters;
 use Zend\Stdlib\ParametersInterface;
 use Zend\Uri\Http as HttpUri;
+use Zend\Validator\Hostname as HostnameValidator;
 
 /**
  * HTTP Request for current PHP environment
@@ -257,7 +258,31 @@ public function setServer(ParametersInterface $server)
         // URI host & port
         $host = null;
         $port = null;
-        if (isset($this->serverParams['SERVER_NAME'])) {
+
+        // Set the host
+        if ($this->getHeaders()->get('host')) {
+            $host = $this->getHeaders()->get('host')->getFieldValue();
+
+            // works for regname, IPv4 & IPv6
+            if (preg_match('|\:(\d+)$|', $host, $matches)) {
+                $host = substr($host, 0, -1 * (strlen($matches[1]) + 1));
+                $port = (int) $matches[1];
+            }
+
+            // set up a validator that check if the hostname is legal (not spoofed)
+            $hostnameValidator = new HostnameValidator(array(
+                'allow'       => HostnameValidator::ALLOW_ALL,
+                'useIdnCheck' => false,
+                'useTldCheck' => false,
+            ));
+            // If invalid. Reset the host & port
+            if (!$hostnameValidator->isValid($host)) {
+                $host = null;
+                $port = null;
+            }
+        }
+
+        if (!$host && isset($this->serverParams['SERVER_NAME'])) {
             $host = $this->serverParams['SERVER_NAME'];
             if (isset($this->serverParams['SERVER_PORT'])) {
                 $port = (int) $this->serverParams['SERVER_PORT'];
@@ -272,13 +297,6 @@ public function setServer(ParametersInterface $server)
                     $port = null;
                 }
             }
-        } elseif ($this->getHeaders()->get('host')) {
-            $host = $this->getHeaders()->get('host')->getFieldValue();
-            // works for regname, IPv4 & IPv6
-            if (preg_match('|\:(\d+)$|', $host, $matches)) {
-                $host = substr($host, 0, -1 * (strlen($matches[1]) + 1));
-                $port = (int) $matches[1];
-            }
         }
         $uri->setHost($host);
         $uri->setPort($port);

diff --git a/test/PhpEnvironment/RequestTest.php b/test/PhpEnvironment/RequestTest.php
@@ -324,6 +324,26 @@ public static function serverHostnameProvider()
                 '80',
                 '/news',
             ),
+            array(
+                array(
+                    'SERVER_NAME' => 'test.example.com',
+                    'HTTP_HOST' => 'requested.example.com',
+                    'REQUEST_URI' => 'http://test.example.com/news',
+                ),
+                'requested.example.com',
+                '80',
+                '/news',
+            ),
+            array(
+                array(
+                    'SERVER_NAME' => 'test.example.com',
+                    'HTTP_HOST' => '<script>alert("Spoofed host");</script>',
+                    'REQUEST_URI' => 'http://test.example.com/news',
+                ),
+                'test.example.com',
+                '80',
+                '/news',
+            ),
             array(
                 array(
                     'SERVER_NAME' => '[1:2:3:4:5:6::6]',