Merge branch '2.8' into 3.4
* 2.8: [HttpFoundation] fix false-positive ConflictingHeadersException
This commit is contained in:
commit
2bae1832c7
@ -2086,10 +2086,13 @@ class Request
|
|||||||
|
|
||||||
if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
|
if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
|
||||||
$forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
|
$forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
|
||||||
$forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
|
$forwardedValues = preg_match_all(sprintf('{(?:%s)="?([a-zA-Z0-9\.:_\-/\[\]]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
|
||||||
if (self::HEADER_CLIENT_PORT === $type) {
|
if (self::HEADER_CLIENT_PORT === $type) {
|
||||||
foreach ($forwardedValues as $k => $v) {
|
foreach ($forwardedValues as $k => $v) {
|
||||||
$forwardedValues[$k] = substr_replace($v, '0.0.0.0', 0, strrpos($v, ':'));
|
if (']' === substr($v, -1) || false === $v = strrchr($v, ':')) {
|
||||||
|
$v = $this->isSecure() ? ':443' : ':80';
|
||||||
|
}
|
||||||
|
$forwardedValues[$k] = '0.0.0.0'.$v;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2124,9 +2127,17 @@ class Request
|
|||||||
$firstTrustedIp = null;
|
$firstTrustedIp = null;
|
||||||
|
|
||||||
foreach ($clientIps as $key => $clientIp) {
|
foreach ($clientIps as $key => $clientIp) {
|
||||||
// Remove port (unfortunately, it does happen)
|
if (strpos($clientIp, '.')) {
|
||||||
if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
|
// Strip :port from IPv4 addresses. This is allowed in Forwarded
|
||||||
$clientIps[$key] = $clientIp = $match[1];
|
// and may occur in X-Forwarded-For.
|
||||||
|
$i = strpos($clientIp, ':');
|
||||||
|
if ($i) {
|
||||||
|
$clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
|
||||||
|
}
|
||||||
|
} elseif ('[' == $clientIp[0]) {
|
||||||
|
// Strip brackets and :port from IPv6 addresses.
|
||||||
|
$i = strpos($clientIp, ']', 1);
|
||||||
|
$clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {
|
if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {
|
||||||
|
@ -1019,7 +1019,7 @@ class RequestTest extends TestCase
|
|||||||
'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
|
'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
|
||||||
);
|
);
|
||||||
|
|
||||||
Request::setTrustedProxies(array('88.88.88.88'), Request::HEADER_X_FORWARDED_ALL);
|
Request::setTrustedProxies(array('88.88.88.88'), -1);
|
||||||
|
|
||||||
$request->initialize(array(), array(), array(), array(), array(), $server);
|
$request->initialize(array(), array(), array(), array(), array(), $server);
|
||||||
|
|
||||||
@ -2277,6 +2277,55 @@ class RequestTest extends TestCase
|
|||||||
$this->assertEquals($expectedBaseUrl, $request->getBaseUrl());
|
$this->assertEquals($expectedBaseUrl, $request->getBaseUrl());
|
||||||
$this->assertEquals($expectedBasePath, $request->getBasePath());
|
$this->assertEquals($expectedBasePath, $request->getBasePath());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testTrustedHost()
|
||||||
|
{
|
||||||
|
Request::setTrustedProxies(array('1.1.1.1'), -1);
|
||||||
|
|
||||||
|
$request = Request::create('/');
|
||||||
|
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||||
|
$request->headers->set('Forwarded', 'host=localhost:8080');
|
||||||
|
$request->headers->set('X-Forwarded-Host', 'localhost:8080');
|
||||||
|
|
||||||
|
$this->assertSame('localhost:8080', $request->getHttpHost());
|
||||||
|
$this->assertSame(8080, $request->getPort());
|
||||||
|
|
||||||
|
$request = Request::create('/');
|
||||||
|
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||||
|
$request->headers->set('Forwarded', 'host="[::1]:443"');
|
||||||
|
$request->headers->set('X-Forwarded-Host', '[::1]:443');
|
||||||
|
$request->headers->set('X-Forwarded-Port', 443);
|
||||||
|
|
||||||
|
$this->assertSame('[::1]:443', $request->getHttpHost());
|
||||||
|
$this->assertSame(443, $request->getPort());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testTrustedPort()
|
||||||
|
{
|
||||||
|
Request::setTrustedProxies(array('1.1.1.1'), -1);
|
||||||
|
|
||||||
|
$request = Request::create('/');
|
||||||
|
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||||
|
$request->headers->set('Forwarded', 'host=localhost:8080');
|
||||||
|
$request->headers->set('X-Forwarded-Port', 8080);
|
||||||
|
|
||||||
|
$this->assertSame(8080, $request->getPort());
|
||||||
|
|
||||||
|
$request = Request::create('/');
|
||||||
|
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||||
|
$request->headers->set('Forwarded', 'host=localhost');
|
||||||
|
$request->headers->set('X-Forwarded-Port', 80);
|
||||||
|
|
||||||
|
$this->assertSame(80, $request->getPort());
|
||||||
|
|
||||||
|
$request = Request::create('/');
|
||||||
|
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||||
|
$request->headers->set('Forwarded', 'host="[::1]"');
|
||||||
|
$request->headers->set('X-Forwarded-Proto', 'https');
|
||||||
|
$request->headers->set('X-Forwarded-Port', 443);
|
||||||
|
|
||||||
|
$this->assertSame(443, $request->getPort());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RequestContentProxy extends Request
|
class RequestContentProxy extends Request
|
||||||
|
Reference in New Issue
Block a user