bug #13114 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head... (fabpot)

This PR was merged into the 2.3 branch. Discussion ---------- [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head... | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a On symfony.com, we have errors related to IP addresses in the `X-Forwarded-For` HTTP header that have a port. If that happens (I have no ideas what is doing that), the page crashes with an error like `inet_pton(): Unrecognized address 187.65.229.211:63479` (which comes from IpUtils::checkIpv6()). This fixes the root cause by removing the port. #12572 is solving the consequence and I propose to also merge it. Commits ------- 60ad382 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
2014-12-29 09:20:51 +01:00 · 2014-12-29 09:20:51 +01:00 · 55feca6958
commit 55feca6958
parent ff079dd41e 60ad382684
2 changed files with 8 additions and 0 deletions
--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@ -793,6 +793,11 @@ class Request

        // Eliminate all IPs from the forwarded IP chain which are trusted proxies
        foreach ($clientIps as $key => $clientIp) {
+            // Remove port on IPv4 address (unfortunately, it does happen)
+            if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
+                $clientIps[$key] = $clientIp = $match[1];
+            }
+
            if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
                unset($clientIps[$key]);
            }
--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@ -884,6 +884,9 @@ class RequestTest extends \PHPUnit_Framework_TestCase
            array(array('3620:0:1cfe:face:b00c::3'), '1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', array('1620:0:1cfe:face:b00c::3', '2620:0:1cfe:face:b00c::3')),
            // multiple forwarded for with remote IPv4 addr and some reverse proxies trusted but in the middle
            array(array('2620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3'), '1620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3,3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', array('1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3')),
+
+            // client IP with port
+            array(array('88.88.88.88'), '127.0.0.1', '88.88.88.88:12345, 127.0.0.1', array('127.0.0.1')),
        );
    }