Include untrusted host in the exception message
This commit is contained in:
parent
4cfbdf11c3
commit
fd2f63382a
@ -1101,7 +1101,7 @@ class Request
|
|||||||
// as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
|
// as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
|
||||||
// check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
|
// check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
|
||||||
if ($host && !preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host)) {
|
if ($host && !preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host)) {
|
||||||
throw new \UnexpectedValueException('Invalid Host');
|
throw new \UnexpectedValueException('Invalid Host "'.$host.'"');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (count(self::$trustedHostPatterns) > 0) {
|
if (count(self::$trustedHostPatterns) > 0) {
|
||||||
@ -1119,7 +1119,7 @@ class Request
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new \UnexpectedValueException('Untrusted Host');
|
throw new \UnexpectedValueException('Untrusted Host "'.$host.'"');
|
||||||
}
|
}
|
||||||
|
|
||||||
return $host;
|
return $host;
|
||||||
|
@ -1520,7 +1520,7 @@ class RequestTest extends \PHPUnit_Framework_TestCase
|
|||||||
$request->getHost();
|
$request->getHost();
|
||||||
$this->fail('Request::getHost() should throw an exception when host is not trusted.');
|
$this->fail('Request::getHost() should throw an exception when host is not trusted.');
|
||||||
} catch (\UnexpectedValueException $e) {
|
} catch (\UnexpectedValueException $e) {
|
||||||
$this->assertEquals('Untrusted Host', $e->getMessage());
|
$this->assertEquals('Untrusted Host "evil.com"', $e->getMessage());
|
||||||
}
|
}
|
||||||
|
|
||||||
// trusted hosts
|
// trusted hosts
|
||||||
|
Reference in New Issue
Block a user