Commit c770eb9

committed
minor #19233 [HttpKernel] Move handling of conflicting origin IPs to catch block (magnusnordlander, nicolas-grekas)
This PR was merged into the 2.7 branch. Discussion ---------- [HttpKernel] Move handling of conflicting origin IPs to catch block | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #19217 | License | MIT | Doc PR | - Commits ------- db84101 [HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For 1f00b55 [HttpKernel] Move conflicting origin IPs handling to catch block
2 parents 3ef96b9 + db84101 commit c770eb9


6 files changed

+112
-21
lines changed

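--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/web.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/web.xml
@@ -46,5 +46,9 @@
 <argument type="service" id="request_stack" />
 <tag name="kernel.event_subscriber" />
 </service>
+
+<service id="validate_request_listener" class="Symfony\Component\HttpKernel\EventListener\ValidateRequestListener">
+<tag name="kernel.event_subscriber" />
+</service>
 </services>
 </container>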

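--- a/src/Symfony/Bundle/FrameworkBundle/composer.json
+++ b/src/Symfony/Bundle/FrameworkBundle/composer.json
@@ -22,8 +22,8 @@
 "symfony/config": "~2.4",
 "symfony/event-dispatcher": "~2.5",
 "symfony/finder": "~2.0,>=2.0.5",
-"symfony/http-foundation": "~2.4.9|~2.5,>=2.5.4",
-"symfony/http-kernel": "~2.7",
+"symfony/http-foundation": "~2.7",
+"symfony/http-kernel": "~2.7.15|~2.8.8",
 "symfony/filesystem": "~2.3",
 "symfony/routing": "~2.6,>2.6.4",
 "symfony/security-core": "~2.6.13|~2.7.9|~2.8",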
+55Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\HttpKernel\EventListener;
13+
14+
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
15+
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
16+
use Symfony\Component\HttpKernel\KernelEvents;
17+
18+
/**
19+
* Validates that the headers and other information indicating the
20+
* client IP address of a request are consistent.
21+
*
22+
* @author Magnus Nordlander <magnus@fervo.se>
23+
*/
24+
class ValidateRequestListener implements EventSubscriberInterface
25+
{
26+
/**
27+
* Performs the validation.
28+
*
29+
* @param GetResponseEvent $event
30+
*/
31+
public function onKernelRequest(GetResponseEvent $event)
32+
{
33+
if (!$event->isMasterRequest()) {
34+
return;
35+
}
36+
$request = $event->getRequest();
37+
38+
if ($request::getTrustedProxies()) {
39+
// This will throw an exception if the headers are inconsistent.
40+
$request->getClientIps();
41+
}
42+
}
43+
44+
/**
45+
* {@inheritdoc}
46+
*/
47+
public static function getSubscribedEvents()
48+
{
49+
return array(
50+
KernelEvents::REQUEST => array(
51+
array('onKernelRequest', 256),
52+
),
53+
);
54+
}
55+
}
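Review bot: The priority `256` in getSubscribedEvents() is unexplained, yet the value of this listener depends on it running before any other kernel.request listener consumes the client IP. I would add a comment above that entry, `// Must run before any listener that reads the client IP, so conflicting Forwarded / X-Forwarded-For headers are rejected first.` The docblock on onKernelRequest() could also state that sub-requests and setups without trusted proxies are skipped on purpose, and that the ConflictingHeadersException raised by getClientIps() is expected to be converted to a BadRequestHttpException by HttpKernel::handle().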

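--- a/src/Symfony/Component/HttpKernel/HttpKernel.php
+++ b/src/Symfony/Component/HttpKernel/HttpKernel.php
@@ -63,6 +63,9 @@ public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQ
 try {
 return $this->handleRaw($request, $type);
 } catch (\Exception $e) {
+if ($e instanceof ConflictingHeadersException) {
+$e = new BadRequestHttpException('The request headers contain conflicting information regarding the origin of this request.', $e);
+}
 if (false === $catch) {
 $this->finishRequest($request, $type);
 
@@ -115,13 +118,6 @@ public function terminateWithException(\Exception $exception)
 */
 private function handleRaw(Request $request, $type = self::MASTER_REQUEST)
 {
-if (self::MASTER_REQUEST === $type && $request::getTrustedProxies()) {
-try {
-$request->getClientIps();
-} catch (ConflictingHeadersException $e) {
-throw new BadRequestHttpException('The request headers contain conflicting information regarding the origin of this request.', $e);
-}
-}
 $this->requestStack->push($request);
 
 // request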
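Review bot: With the eager check removed from handleRaw() in the second hunk, the kernel no longer validates the origin headers itself; the conversion added in the catch block at new lines 66-68 only fires when a listener or controller calls getClientIps() inside handle(). Applications that use HttpKernel without FrameworkBundle therefore have to register ValidateRequestListener themselves. Code that reads the client IP outside this try block would presumably see a raw ConflictingHeadersException rather than a 400. A comment above the new `if` would make that contract visible, e.g. `// Thrown lazily by Request::getClientIps(); ValidateRequestListener forces the check early on master requests.` Both handle() and handleRaw() continue outside the hunks shown.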
+42Lines changed: 42 additions & 0 deletions
@@ -0,0 +1,42 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Symfony\Component\HttpKernel\Tests\EventListener;
13+
14+
use Symfony\Component\EventDispatcher\EventDispatcher;
15+
use Symfony\Component\HttpFoundation\Request;
16+
use Symfony\Component\HttpKernel\EventListener\ValidateRequestListener;
17+
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
18+
use Symfony\Component\HttpKernel\HttpKernelInterface;
19+
use Symfony\Component\HttpKernel\KernelEvents;
20+
21+
class ValidateRequestListenerTest extends \PHPUnit_Framework_TestCase
22+
{
23+
/**
24+
* @expectedException Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException
25+
*/
26+
public function testListenerThrowsWhenMasterRequestHasInconsistentClientIps()
27+
{
28+
$dispatcher = new EventDispatcher();
29+
$kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface');
30+
31+
$request = new Request();
32+
$request->setTrustedProxies(array('1.1.1.1'));
33+
$request->server->set('REMOTE_ADDR', '1.1.1.1');
34+
$request->headers->set('FORWARDED', '2.2.2.2');
35+
$request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
36+
37+
$dispatcher->addListener(KernelEvents::REQUEST, array(new ValidateRequestListener(), 'onKernelRequest'));
38+
$event = new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST);
39+
40+
$dispatcher->dispatch(KernelEvents::REQUEST, $event);
41+
}
42+
}
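Review bot: The test calls `$request->setTrustedProxies(array('1.1.1.1'))`, which the listener reads back through the static call `$request::getTrustedProxies()`, and nothing in this new file resets that state afterwards, so it appears to leak into whichever tests run next. A `tearDown()` that calls `Request::setTrustedProxies(array());` would isolate it. The file also covers only the throwing path; a case for a sub-request and one for a request with no trusted proxies would pin the two early exits in onKernelRequest().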

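--- a/src/Symfony/Component/HttpKernel/Tests/HttpKernelTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/HttpKernelTest.php
@@ -276,26 +276,20 @@ public function testVerifyRequestStackPushPopDuringHandle()
 */
 public function testInconsistentClientIpsOnMasterRequests()
 {
-$kernel = new HttpKernel(new EventDispatcher(), $this->getResolver());
-$request = new Request();
-$request->setTrustedProxies(array('1.1.1.1'));
-$request->server->set('REMOTE_ADDR', '1.1.1.1');
-$request->headers->set('FORWARDED', '2.2.2.2');
-$request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
+$dispatcher = new EventDispatcher();
+$dispatcher->addListener(KernelEvents::REQUEST, function ($event) {
+$event->getRequest()->getClientIp();
+});
 
-$kernel->handle($request, $kernel::MASTER_REQUEST, false);
-}
+$kernel = new HttpKernel($dispatcher, $this->getResolver());
 
-public function testInconsistentClientIpsOnSubRequests()
-{
-$kernel = new HttpKernel(new EventDispatcher(), $this->getResolver());
 $request = new Request();
 $request->setTrustedProxies(array('1.1.1.1'));
 $request->server->set('REMOTE_ADDR', '1.1.1.1');
 $request->headers->set('FORWARDED', '2.2.2.2');
 $request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
 
-$this->assertInstanceOf('Symfony\Component\HttpFoundation\Response', $kernel->handle($request, $kernel::SUB_REQUEST, false));
+$kernel->handle($request, $kernel::MASTER_REQUEST, false);
 }
 
 protected function getResolver($controller = null)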
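Review bot: Removing testInconsistentClientIpsOnSubRequests leaves the sub-request behaviour untested in this file. The inline listener added at new lines 280-282 calls getClientIp() for every request type, so the old guarantee that a sub-request with conflicting headers still yields a Response is no longer asserted anywhere in this hunk. If that guarantee is still intended, I would keep a sub-request test that registers ValidateRequestListener rather than the closure. The expected-exception annotation for the remaining test sits in the docblock above the hunk, so it cannot be checked from here.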
