merged branch mweimerskirch/patch-12 (PR #7092)

This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes #7092).

Commits
-------

187645f Fix REMOTE_ADDR for cached subrequests

Discussion
----------

[HttpKernel/HttpCache] Fix "REMOTE_ADDR" for cached subrequests

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | none that I know of
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | 7091
| License       | MIT

I moved the code that modifies the REMOTE_ADDR variable further up the chain so that cached subrequests also receive the local IP address. Before, only new subrequests received the local IP address and cached ones received the original IP, which made "validateRequest" in FragmentListener fail.

Please review. I'm not sure about side-effects of this patch, including possible security issues.

Fixes #7091

---------------------------------------------------------------------------

by bamarni at 2013-02-16T11:49:27Z

@fabpot rejected setting this on the master request, so you should do it on the ```forward()``` method instead.

---------------------------------------------------------------------------

by mweimerskirch at 2013-02-16T12:13:46Z

@bamarni @fabpot done
Fabien Potencier 2013-02-17 12:37:52 +01:00
commit 8fc69c3199

@ -413,18 +413,6 @@ class HttpCache implements HttpKernelInterface, TerminableInterface
$subRequest->headers->remove('if_modified_since');
$subRequest->headers->remove('if_none_match');
// modify the X-Forwarded-For header if needed
$forwardedFor = $subRequest->headers->get('X-Forwarded-For');
if ($forwardedFor) {
$subRequest->headers->set('X-Forwarded-For', $forwardedFor.', '.$subRequest->server->get('REMOTE_ADDR'));
} else {
$subRequest->headers->set('X-Forwarded-For', $subRequest->server->get('REMOTE_ADDR'));
}
// fix the client IP address by setting it to 127.0.0.1 as HttpCache
// is always called from the same process as the backend.
$subRequest->server->set('REMOTE_ADDR', '127.0.0.1');
$response = $this->forward($subRequest, $catch);
if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
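Review bot: with the X-Forwarded-For and REMOTE_ADDR block gone from just before `$response = $this->forward($subRequest, $catch);`, this path relies entirely on forward() to rewrite both values, and nothing visible in the change pins that behaviour down. Add a test that drives a request through this path and asserts that the backend sees REMOTE_ADDR 127.0.0.1 and the original client address appended to X-Forwarded-For, so that a later refactor of forward() cannot silently pass the client IP through unchanged.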
@ -455,6 +443,18 @@ class HttpCache implements HttpKernelInterface, TerminableInterface
$this->esi->addSurrogateEsiCapability($request);
}
// modify the X-Forwarded-For header if needed
$forwardedFor = $request->headers->get('X-Forwarded-For');
if ($forwardedFor) {
$request->headers->set('X-Forwarded-For', $forwardedFor.', '.$request->server->get('REMOTE_ADDR'));
} else {
$request->headers->set('X-Forwarded-For', $request->server->get('REMOTE_ADDR'));
}
// fix the client IP address by setting it to 127.0.0.1 as HttpCache
// is always called from the same process as the backend.
$request->server->set('REMOTE_ADDR', '127.0.0.1');
// always a "master" request (as the real master request can be in cache)
$response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);
// FIXME: we probably need to also catch exceptions if raw === true
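Review bot: the block placed ahead of `$this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);` mutates the `$request` object it was handed, so it is not idempotent. If the same object reaches forward() a second time, REMOTE_ADDR is already 127.0.0.1 and `$forwardedFor.', '.$request->server->get('REMOTE_ADDR')` appends 127.0.0.1 to X-Forwarded-For. Consider skipping the append when REMOTE_ADDR is already 127.0.0.1, or applying the rewrite to a copy. Since every request forwarded to the kernel now carries REMOTE_ADDR 127.0.0.1, the comment should also state that backend code has to take the client address from X-Forwarded-For (whose existing entries arrive with the request and are kept as-is) and that a plain REMOTE_ADDR comparison no longer separates local from external callers.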