diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index 0f6e467823..f655c0e129 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -20,6 +20,11 @@ namespace Symfony\Component\HttpFoundation; */ class Request { + const HEADER_CLIENT_IP = 'client_ip'; + const HEADER_CLIENT_HOST = 'client_host'; + const HEADER_CLIENT_PROTO = 'client_proto'; + const HEADER_CLIENT_PORT = 'client_port'; + protected static $trustProxyData = false; protected static $trustedProxies = array(); @@ -32,10 +37,10 @@ class Request * by popular reverse proxies (like Apache mod_proxy or Amazon EC2). */ protected static $trustedHeaders = array( - 'client_ip' => 'X_FORWARDED_FOR', - 'client_host' => 'X_FORWARDED_HOST', - 'client_proto' => 'X_FORWARDED_PROTO', - 'client_port' => 'X_FORWARDED_PORT', + self::HEADER_CLIENT_IP => 'X_FORWARDED_FOR', + self::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST', + self::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO', + self::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT', ); /** @@ -400,10 +405,10 @@ class Request * * The following header keys are supported: * - * * client_ip: defaults to X-Forwarded-For (see getClientIp()) - * * client_host: defaults to X-Forwarded-Host (see getClientHost()) - * * client_port: defaults to X-Forwarded-Port (see getClientPort()) - * * client_proto: defaults to X-Forwarded-Proto (see getScheme() and isSecure()) + * * Request::HEADER_CLIENT_IP: defaults to X-Forwarded-For (see getClientIp()) + * * Request::HEADER_CLIENT_HOST: defaults to X-Forwarded-Host (see getClientHost()) + * * Request::HEADER_CLIENT_PORT: defaults to X-Forwarded-Port (see getClientPort()) + * * Request::HEADER_CLIENT_PROTO: defaults to X-Forwarded-Proto (see getScheme() and isSecure()) * * Setting an empty value allows to disable the trusted header for the given key. * @@ -521,11 +526,11 @@ class Request return $ip; } - if (!self::$trustedHeaders['client_ip'] || !$this->headers->has(self::$trustedHeaders['client_ip'])) { + if (!self::$trustedHeaders[self::HEADER_CLIENT_IP] || !$this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) { return $ip; } - $clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders['client_ip']))); + $clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP]))); $clientIps[] = $ip; $trustedProxies = ($proxy || self::$trustProxyData) && !self::$trustedProxies ? array($ip) : self::$trustedProxies; @@ -642,7 +647,7 @@ class Request */ public function getPort() { - if (self::$trustProxyData && self::$trustedHeaders['client_port'] && $port = $this->headers->get(self::$trustedHeaders['client_port'])) { + if (self::$trustProxyData && self::$trustedHeaders[self::HEADER_CLIENT_PORT] && $port = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_PORT])) { return $port; } @@ -771,7 +776,7 @@ class Request */ public function isSecure() { - if (self::$trustProxyData && self::$trustedHeaders['client_proto'] && $proto = $this->headers->get(self::$trustedHeaders['client_proto'])) { + if (self::$trustProxyData && self::$trustedHeaders[self::HEADER_CLIENT_PROTO] && $proto = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_PROTO])) { return in_array(strtolower($proto), array('https', 'on', '1')); } @@ -795,7 +800,7 @@ class Request */ public function getHost() { - if (self::$trustProxyData && self::$trustedHeaders['client_host'] && $host = $this->headers->get(self::$trustedHeaders['client_host'])) { + if (self::$trustProxyData && self::$trustedHeaders[self::HEADER_CLIENT_HOST] && $host = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_HOST])) { $elements = explode(',', $host); $host = trim($elements[count($elements) - 1]); diff --git a/tests/Symfony/Tests/Component/HttpFoundation/RequestTest.php b/tests/Symfony/Tests/Component/HttpFoundation/RequestTest.php index 2eb4ba49a2..9956b87e8d 100644 --- a/tests/Symfony/Tests/Component/HttpFoundation/RequestTest.php +++ b/tests/Symfony/Tests/Component/HttpFoundation/RequestTest.php @@ -887,20 +887,20 @@ class RequestTest extends \PHPUnit_Framework_TestCase $this->assertTrue($request->isSecure()); // custom header names - Request::setTrustedHeaderName('client_ip', 'X_MY_FOR'); - Request::setTrustedHeaderName('client_host', 'X_MY_HOST'); - Request::setTrustedHeaderName('client_port', 'X_MY_PORT'); - Request::setTrustedHeaderName('client_proto', 'X_MY_PROTO'); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR'); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_MY_HOST'); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_MY_PORT'); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_MY_PROTO'); $this->assertEquals('4.4.4.4', $request->getClientIp()); $this->assertEquals('my.example.com', $request->getHost()); $this->assertEquals(81, $request->getPort()); $this->assertFalse($request->isSecure()); // disabling via empty header names - Request::setTrustedHeaderName('client_ip', null); - Request::setTrustedHeaderName('client_host', null); - Request::setTrustedHeaderName('client_port', null); - Request::setTrustedHeaderName('client_proto', null); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, null); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, null); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, null); + Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, null); $this->assertEquals('3.3.3.3', $request->getClientIp()); $this->assertEquals('example.com', $request->getHost()); $this->assertEquals(80, $request->getPort());