bug #32096 Don't assume port 0 for X-Forwarded-Port (alexbowers, xabbuh)
This PR was merged into the 3.4 branch. Discussion ---------- Don't assume port 0 for X-Forwarded-Port | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | none added | Fixed tickets | | License | MIT | Doc PR | - If you use X-Forwarded-Host but don't provide X-Forwarded-Port, it will default to `0.0.0.0:` which then assumes port `0` instead of following its default assumption based on the scheme. Commits -------adcdd938a4
PHP 5 compat6c49a0c758
Add test casec266d6c737
Update Request.php23db9be884
Don't assume port 0 for X-Forwarded-Port
This commit is contained in:
commit
931965a448
@ -1037,8 +1037,8 @@ class Request
|
|||||||
$pos = strrpos($host, ':');
|
$pos = strrpos($host, ':');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (false !== $pos) {
|
if (false !== $pos && $port = substr($host, $pos + 1)) {
|
||||||
return (int) substr($host, $pos + 1);
|
return (int) $port;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 'https' === $this->getScheme() ? 443 : 80;
|
return 'https' === $this->getScheme() ? 443 : 80;
|
||||||
|
@ -2427,6 +2427,18 @@ class RequestTest extends TestCase
|
|||||||
|
|
||||||
$this->assertSame(443, $request->getPort());
|
$this->assertSame(443, $request->getPort());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testTrustedPortDoesNotDefaultToZero()
|
||||||
|
{
|
||||||
|
Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
|
||||||
|
|
||||||
|
$request = Request::create('/');
|
||||||
|
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||||
|
$request->headers->set('X-Forwarded-Host', 'test.example.com');
|
||||||
|
$request->headers->set('X-Forwarded-Port', null);
|
||||||
|
|
||||||
|
$this->assertSame(80, $request->getPort());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RequestContentProxy extends Request
|
class RequestContentProxy extends Request
|
||||||
|
Reference in New Issue
Block a user