From f657dd2444a5604148f3ed8dd3ee1181352c7d9b Mon Sep 17 00:00:00 2001
From: Zacharias Luiten <zacharias.luiten@karify.com>
Date: Thu, 19 Jul 2018 15:02:57 +0200
Subject: [PATCH] [HttpKernel] Fixed invalid REMOTE_ADDR in inline subrequest
 when configuring trusted proxy with subnet

---
 .../Fragment/InlineFragmentRenderer.php       | 14 ++++++++++++--
 .../Fragment/InlineFragmentRendererTest.php   | 19 +++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
index d7d2e55a9e..31cfb0de09 100644
--- a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
+++ b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
@@ -122,8 +122,7 @@ class InlineFragmentRenderer extends RoutableFragmentRenderer
             // Do nothing
         }
 
-        $trustedProxies = Request::getTrustedProxies();
-        $server['REMOTE_ADDR'] = $trustedProxies ? reset($trustedProxies) : '127.0.0.1';
+        $server['REMOTE_ADDR'] = $this->resolveTrustedProxy();
 
         unset($server['HTTP_IF_MODIFIED_SINCE']);
         unset($server['HTTP_IF_NONE_MATCH']);
@@ -140,6 +139,17 @@ class InlineFragmentRenderer extends RoutableFragmentRenderer
         return $subRequest;
     }
 
+    private function resolveTrustedProxy()
+    {
+        if (!$trustedProxies = Request::getTrustedProxies()) {
+            return '127.0.0.1';
+        }
+
+        $firstTrustedProxy = reset($trustedProxies);
+
+        return false !== ($i = strpos($firstTrustedProxy, '/')) ? substr($firstTrustedProxy, 0, $i) : $firstTrustedProxy;
+    }
+
     /**
      * {@inheritdoc}
      */
diff --git a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
index bb56536c58..481dcc7f4b 100644
--- a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
@@ -226,6 +226,25 @@ class InlineFragmentRendererTest extends TestCase
         Request::setTrustedProxies(array());
     }
 
+    public function testIpAddressOfRangedTrustedProxyIsSetAsRemote()
+    {
+        $expectedSubRequest = Request::create('/');
+        $expectedSubRequest->headers->set('Surrogate-Capability', 'abc="ESI/1.0"');
+        $expectedSubRequest->server->set('REMOTE_ADDR', '1.1.1.1');
+        $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
+        $expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+
+        Request::setTrustedProxies(array('1.1.1.1/24'));
+
+        $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($expectedSubRequest));
+
+        $request = Request::create('/');
+        $request->headers->set('Surrogate-Capability', 'abc="ESI/1.0"');
+        $strategy->render('/', $request);
+
+        Request::setTrustedProxies(array());
+    }
+
     /**
      * Creates a Kernel expecting a request equals to $request
      * Allows delta in comparison in case REQUEST_TIME changed by 1 second.