From a0e23910633a2761b3fdeee235ce2001aa9afc07 Mon Sep 17 00:00:00 2001
From: Bilal Amarni <bilal.amarni@gmail.com>
Date: Thu, 6 Dec 2012 13:06:01 +0100
Subject: [PATCH 1/2] [FrameworkBundle] used the new method for trusted proxies

---
 .../DependencyInjection/Configuration.php              | 10 +++++++++-
 .../DependencyInjection/FrameworkExtension.php         |  3 +++
 src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php |  6 ++++--
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
index f32523c561..eab82121c0 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -47,7 +47,15 @@ class Configuration implements ConfigurationInterface
         $rootNode
             ->children()
                 ->scalarNode('charset')->end()
-                ->scalarNode('trust_proxy_headers')->defaultFalse()->end()
+                ->arrayNode('trusted_proxies')
+                    ->prototype('scalar')
+                        ->validate()
+                            ->ifTrue(function($v) { return !filter_var($v, FILTER_VALIDATE_IP); })
+                            ->thenInvalid('Invalid proxy IP "%s"')
+                        ->end()
+                    ->end()
+                ->end()
+                ->scalarNode('trust_proxy_headers')->defaultFalse()->end() // @deprecated, to be removed in 2.3
                 ->scalarNode('secret')->isRequired()->end()
                 ->scalarNode('ide')->defaultNull()->end()
                 ->booleanNode('test')->end()
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index 989991ad34..0a74063123 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -62,6 +62,9 @@ class FrameworkExtension extends Extension
         }
         $container->setParameter('kernel.secret', $config['secret']);
 
+        $container->setParameter('kernel.trusted_proxies', $config['trusted_proxies']);
+
+        // @deprecated, to be removed in 2.3
         $container->setParameter('kernel.trust_proxy_headers', $config['trust_proxy_headers']);
 
         if (!empty($config['test'])) {
diff --git a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
index 5f34b12ef8..06284b96a5 100644
--- a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
+++ b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@@ -37,8 +37,10 @@ class FrameworkBundle extends Bundle
 {
     public function boot()
     {
-        if ($this->container->getParameter('kernel.trust_proxy_headers')) {
-            Request::trustProxyData();
+        if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
+            Request::setTrustedProxies($trustedProxies);
+        } elseif ($this->container->getParameter('kernel.trust_proxy_headers')) {
+            Request::trustProxyData(); // @deprecated, to be removed in 2.3
         }
     }
 

From 555e777b0c45e710a19a0a55eb9a6c28bd2c18c5 Mon Sep 17 00:00:00 2001
From: Pierre-Yves LEBECQ <py.lebecq@gmail.com>
Date: Fri, 14 Dec 2012 11:26:52 +0100
Subject: [PATCH 2/2] [FrameworkBundle] Added tests for trusted_proxies
 configuration.

---
 .../DependencyInjection/ConfigurationTest.php | 78 +++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
new file mode 100644
index 0000000000..d6d7cf9a14
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -0,0 +1,78 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection;
+
+use Symfony\Bundle\FrameworkBundle\DependencyInjection\Configuration;
+use Symfony\Component\Config\Definition\Processor;
+
+class ConfigurationTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @dataProvider getTestConfigTreeData
+     */
+    public function testConfigTree($options, $results)
+    {
+        $processor = new Processor();
+        $configuration = new Configuration(array());
+        $config = $processor->processConfiguration($configuration, array($options));
+
+        $this->assertEquals($results, $config);
+    }
+
+    public function getTestConfigTreeData()
+    {
+        return array(
+            array(array('secret' => 's3cr3t'), array('secret' => 's3cr3t', 'trusted_proxies' => array(), 'trust_proxy_headers' => false, 'ide' => NULL, 'annotations' => array('cache' => 'file', 'file_cache_dir' => '%kernel.cache_dir%/annotations', 'debug' => false))),
+        );
+    }
+
+    /**
+     * @dataProvider getTestValidTrustedProxiesData
+     */
+    public function testValidTrustedProxies($options, $results)
+    {
+        $processor = new Processor();
+        $configuration = new Configuration(array());
+        $config = $processor->processConfiguration($configuration, array($options));
+
+        $this->assertEquals($results, $config);
+    }
+
+    public function getTestValidTrustedProxiesData()
+    {
+        return array(
+            array(array('secret' => 's3cr3t', 'trusted_proxies' => array('127.0.0.1')), array('secret' => 's3cr3t', 'trusted_proxies' => array('127.0.0.1'), 'trust_proxy_headers' => false, 'ide' => NULL, 'annotations' => array('cache' => 'file', 'file_cache_dir' => '%kernel.cache_dir%/annotations', 'debug' => false))),
+            array(array('secret' => 's3cr3t', 'trusted_proxies' => array('::1')), array('secret' => 's3cr3t', 'trusted_proxies' => array('::1'), 'trust_proxy_headers' => false, 'ide' => NULL, 'annotations' => array('cache' => 'file', 'file_cache_dir' => '%kernel.cache_dir%/annotations', 'debug' => false))),
+            array(array('secret' => 's3cr3t', 'trusted_proxies' => array('127.0.0.1', '::1')), array('secret' => 's3cr3t', 'trusted_proxies' => array('127.0.0.1', '::1'), 'trust_proxy_headers' => false, 'ide' => NULL, 'annotations' => array('cache' => 'file', 'file_cache_dir' => '%kernel.cache_dir%/annotations', 'debug' => false))),
+        );
+    }
+
+    /**
+     * @expectedException Symfony\Component\Config\Definition\Exception\InvalidTypeException
+     */
+    public function testInvalidTypeTrustedProxies()
+    {
+        $processor = new Processor();
+        $configuration = new Configuration(array());
+        $config = $processor->processConfiguration($configuration, array(array('secret' => 's3cr3t', 'trusted_proxies' => 'Not an IP address')));
+    }
+
+    /**
+     * @expectedException Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
+     */
+    public function testInvalidValueTrustedProxies()
+    {
+        $processor = new Processor();
+        $configuration = new Configuration(array());
+        $config = $processor->processConfiguration($configuration, array(array('secret' => 's3cr3t', 'trusted_proxies' => array('Not an IP address'))));
+    }
+}