Merge branch '2.8' into 3.4
* 2.8: [HttpFoundation] Remove support for legacy and risky HTTP headers
commit
768abbfe64
|
@ -1,6 +1,12 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
|
||||
3.4.14
|
||||
------
|
||||
|
||||
* [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL`
|
||||
HTTP headers has been dropped for security reasons.
|
||||
|
||||
3.4.0
|
||||
-----
|
||||
|
||||
|
|
|
@ -1829,18 +1829,7 @@ class Request
|
|||
{
|
||||
$requestUri = '';
|
||||
|
||||
if ($this->headers->has('X_ORIGINAL_URL')) {
|
||||
// IIS with Microsoft Rewrite Module
|
||||
$requestUri = $this->headers->get('X_ORIGINAL_URL');
|
||||
$this->headers->remove('X_ORIGINAL_URL');
|
||||
$this->server->remove('HTTP_X_ORIGINAL_URL');
|
||||
$this->server->remove('UNENCODED_URL');
|
||||
$this->server->remove('IIS_WasUrlRewritten');
|
||||
} elseif ($this->headers->has('X_REWRITE_URL')) {
|
||||
// IIS with ISAPI_Rewrite
|
||||
$requestUri = $this->headers->get('X_REWRITE_URL');
|
||||
$this->headers->remove('X_REWRITE_URL');
|
||||
} elseif ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
|
||||
if ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
|
||||
// IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem)
|
||||
$requestUri = $this->server->get('UNENCODED_URL');
|
||||
$this->server->remove('UNENCODED_URL');
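Review bot: Nothing at the surviving `if ('1' == $this->server->get('IIS_WasUrlRewritten') && ...` branch records why `X_ORIGINAL_URL` and `X_REWRITE_URL` are no longer consulted, so a later IIS compatibility fix could quietly bring them back. A short comment above the branch would help, for example `// X_ORIGINAL_URL and X_REWRITE_URL are request headers a client can send, so they are deliberately not used to build the request URI.` The removed branch also stripped `X_ORIGINAL_URL` from `$this->headers` and `HTTP_X_ORIGINAL_URL` from `$this->server`; after this change the client-sent value stays readable in both bags, which matters for any application code that reads it directly. The RequestTest hunks shown only delete the provider cases for these headers, so a case that sets `X_ORIGINAL_URL` alongside `IIS_WasUrlRewritten`/`UNENCODED_URL` and expects the URI to come from the server parameters would pin the new behaviour. The enclosing method starts above this hunk and continues below it.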
|
||||
|
|
|
@ -1904,20 +1904,6 @@ class RequestTest extends TestCase
|
|||
public function iisRequestUriProvider()
|
||||
{
|
||||
return array(
|
||||
array(
|
||||
array(
|
||||
'X_ORIGINAL_URL' => '/foo/bar',
|
||||
),
|
||||
array(),
|
||||
'/foo/bar',
|
||||
),
|
||||
array(
|
||||
array(
|
||||
'X_REWRITE_URL' => '/foo/bar',
|
||||
),
|
||||
array(),
|
||||
'/foo/bar',
|
||||
),
|
||||
array(
|
||||
array(),
|
||||
array(
|
||||
|
@ -1926,36 +1912,6 @@ class RequestTest extends TestCase
|
|||
),
|
||||
'/foo/bar',
|
||||
),
|
||||
array(
|
||||
array(
|
||||
'X_ORIGINAL_URL' => '/foo/bar',
|
||||
),
|
||||
array(
|
||||
'HTTP_X_ORIGINAL_URL' => '/foo/bar',
|
||||
),
|
||||
'/foo/bar',
|
||||
),
|
||||
array(
|
||||
array(
|
||||
'X_ORIGINAL_URL' => '/foo/bar',
|
||||
),
|
||||
array(
|
||||
'IIS_WasUrlRewritten' => '1',
|
||||
'UNENCODED_URL' => '/foo/bar',
|
||||
),
|
||||
'/foo/bar',
|
||||
),
|
||||
array(
|
||||
array(
|
||||
'X_ORIGINAL_URL' => '/foo/bar',
|
||||
),
|
||||
array(
|
||||
'HTTP_X_ORIGINAL_URL' => '/foo/bar',
|
||||
'IIS_WasUrlRewritten' => '1',
|
||||
'UNENCODED_URL' => '/foo/bar',
|
||||
),
|
||||
'/foo/bar',
|
||||
),
|
||||
array(
|
||||
array(),
|
||||
array(
|
||||
|
|