diff --git a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
index 2c8d58f956..25007bd115 100644
--- a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
+++ b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
@@ -111,10 +111,11 @@ class InlineFragmentRenderer extends RoutableFragmentRenderer
 // Sub-request object will point to localhost as client ip and real client ip
 // will be included into trusted header for client ip
 try {
- $trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP);
- $currentXForwardedFor = $request->headers->get($trustedHeaderName, '');
+ if ($trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
+ $currentXForwardedFor = $request->headers->get($trustedHeaderName, '');
 
- $server['HTTP_'.$trustedHeaderName] = ($currentXForwardedFor ? $currentXForwardedFor.', ' : '').$request->getClientIp();
+ $server['HTTP_'.$trustedHeaderName] = ($currentXForwardedFor ? $currentXForwardedFor.', ' : '').$request->getClientIp();
+ }
 } catch (\InvalidArgumentException $e) {
 // Do nothing
 }
diff --git a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
index f405dae09c..ded1071f9f 100644
--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
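Review bot: The new `if ($trustedHeaderName = ...)` guard inside the `try` drops the client-IP header without comment when the trusted header name is disabled, so the sub-request carries no trace of the real client address. Going by the context comment, the sub-request points to localhost as client ip; in that configuration fragment code that calls `getClientIp()` would presumably see the loopback address, which matters for IP-based access rules, rate limits and audit logs evaluated inside a fragment. I would say so above the `if`, e.g. `// Header disabled (empty name): the real client IP is not forwarded, the sub-request only sees localhost.` Moving the assignment out of the condition onto its own line would also read more clearly. The enclosing method begins and ends outside this hunk.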
@@ -67,6 +67,26 @@ class InlineFragmentRendererTest extends \PHPUnit_Framework_TestCase
 $strategy->render(new ControllerReference('main_controller', array('object' => $object), array()), Request::create('/'));
 }
 
+ public function testRenderWithTrustedHeaderDisabled()
+ {
+ $trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP);
+
+ Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, '');
+
+ $kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface');
+ $kernel
+ ->expects($this->any())
+ ->method('handle')
+ ->with(Request::create('/'))
+ ;
+
+ $strategy = new InlineFragmentRenderer($kernel);
+
+ $strategy->render('/', Request::create('/'));
+
+ Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, $trustedHeaderName);
+ }
+
 /**
 * @expectedException \RuntimeException
 */
@@ -147,8 +167,11 @@ class InlineFragmentRendererTest extends \PHPUnit_Framework_TestCase
 {
 $expectedSubRequest = Request::create('/');
 $expectedSubRequest->headers->set('Surrogate-Capability', 'abc="ESI/1.0"');
- $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
- $expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+
+ if (Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
+ $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
+ $expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+ }
 
 $kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface');
 $kernel
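Review bot: `testRenderWithTrustedHeaderDisabled` restores the static trusted header name only on its last line, so a failed expectation or an exception from `render()` leaves `Request::HEADER_CLIENT_IP` disabled for every test that runs afterwards; `testESIHeaderIsKeptInSubrequestWithTrustedHeaderDisabled` in the last hunk has the same shape. Restoring in `tearDown()` (or a `finally` block, if the supported PHP versions allow it) makes the reset unconditional: capture the name in `setUp()` and call `Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, $this->originalTrustedHeaderName);` there, where the property name is only a suggestion. Separately, `expects($this->any())` lets the test pass when `handle` is never called; `$this->once()` would make the `with(Request::create('/'))` check binding.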
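Review bot: The added guard in the expected-request setup is true for any non-empty trusted header name, but the two lines inside it hard-code `x-forwarded-for` and `HTTP_X_FORWARDED_FOR`, so the expectation only matches while the default name is configured. Building the server key from the configured value, as the renderer does with `'HTTP_'.$trustedHeaderName`, keeps the test aligned: `$expectedSubRequest->server->set('HTTP_'.$name, '127.0.0.1');` with `$name = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)`. The test method's signature and the rest of its body are outside the hunk.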
@@ -163,4 +186,14 @@ class InlineFragmentRendererTest extends \PHPUnit_Framework_TestCase
 $request->headers->set('Surrogate-Capability', 'abc="ESI/1.0"');
 $strategy->render('/', $request);
 }
+
+ public function testESIHeaderIsKeptInSubrequestWithTrustedHeaderDisabled()
+ {
+ $trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP);
+ Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, '');
+
+ $this->testESIHeaderIsKeptInSubrequest();
+
+ Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, $trustedHeaderName);
+ }
 }