From 23db9be884776baa4071cc4f087d7694345b1a34 Mon Sep 17 00:00:00 2001 From: Alex Bowers Date: Wed, 19 Jun 2019 12:46:55 +0100 Subject: [PATCH 1/4] Don't assume port 0 for X-Forwarded-Port --- src/Symfony/Component/HttpFoundation/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index ea3f460c4692..fc26304ad236 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -1037,7 +1037,7 @@ public function getPort() $pos = strrpos($host, ':'); } - if (false !== $pos) { + if (false !== $pos && !empty(substr($host, $pos + 1))) { return (int) substr($host, $pos + 1); } From c266d6c7371799cf8d5f803322b24a773e5e1f1b Mon Sep 17 00:00:00 2001 From: Alex Bowers Date: Wed, 19 Jun 2019 17:03:11 +0100 Subject: [PATCH 2/4] Update Request.php --- src/Symfony/Component/HttpFoundation/Request.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index fc26304ad236..38b7fc21691c 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -1037,8 +1037,8 @@ public function getPort() $pos = strrpos($host, ':'); } - if (false !== $pos && !empty(substr($host, $pos + 1))) { - return (int) substr($host, $pos + 1); + if (false !== $pos && '' !== $port = substr($host, $pos + 1)) { + return (int) $port; } return 'https' === $this->getScheme() ? 443 : 80; From 6c49a0c758c0dfacbe812bef8348ae7356029137 Mon Sep 17 00:00:00 2001 From: Alex Bowers Date: Sun, 30 Jun 2019 23:48:04 +0100 Subject: [PATCH 3/4] Add test case --- .../Component/HttpFoundation/Tests/RequestTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php index d266e1f68a4c..650d8fca7dba 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php @@ -2427,6 +2427,18 @@ public function testTrustedPort() $this->assertSame(443, $request->getPort()); } + + public function testTrustedPortDoesNotDefaultToZero() + { + Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL); + + $request = Request::create('/'); + $request->server->set('REMOTE_ADDR', '1.1.1.1'); + $request->headers->set('X-Forwarded-Host', 'test.example.com'); + $request->headers->set('X-Forwarded-Port', null); + + $this->assertSame(80, $request->getPort()); + } } class RequestContentProxy extends Request From adcdd938a4e29599b7c4135fecffc216e9ca17a6 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Thu, 4 Jul 2019 22:58:06 +0200 Subject: [PATCH 4/4] PHP 5 compat --- src/Symfony/Component/HttpFoundation/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index 38b7fc21691c..7185d75e9220 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -1037,7 +1037,7 @@ public function getPort() $pos = strrpos($host, ':'); } - if (false !== $pos && '' !== $port = substr($host, $pos + 1)) { + if (false !== $pos && $port = substr($host, $pos + 1)) { return (int) $port; }