bug symfony#32096 Don't assume port 0 for X-Forwarded-Port (alexbowers, xabbuh)

fabpot · fabpot · commit 931965a44811 · 2019-07-08T13:55:51.000+02:00
This PR was merged into the 3.4 branch. Discussion ---------- Don't assume port 0 for X-Forwarded-Port | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | none added | Fixed tickets | | License | MIT | Doc PR | - If you use X-Forwarded-Host but don't provide X-Forwarded-Port, it will default to `0.0.0.0:` which then assumes port `0` instead of following its default assumption based on the scheme. Commits ------- adcdd93 PHP 5 compat 6c49a0c Add test case c266d6c Update Request.php 23db9be Don't assume port 0 for X-Forwarded-Port
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1037,8 +1037,8 @@ public function getPort()
             $pos = strrpos($host, ':');
         }
 
-        if (false !== $pos) {
-            return (int) substr($host, $pos + 1);
+        if (false !== $pos && $port = substr($host, $pos + 1)) {
+            return (int) $port;
         }
 
         return 'https' === $this->getScheme() ? 443 : 80;
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -2427,6 +2427,18 @@ public function testTrustedPort()
 
         $this->assertSame(443, $request->getPort());
     }
+
+    public function testTrustedPortDoesNotDefaultToZero()
+    {
+        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
+
+        $request = Request::create('/');
+        $request->server->set('REMOTE_ADDR', '1.1.1.1');
+        $request->headers->set('X-Forwarded-Host', 'test.example.com');
+        $request->headers->set('X-Forwarded-Port', null);
+
+        $this->assertSame(80, $request->getPort());
+    }
 }
 
 class RequestContentProxy extends Request

Original file line number	Diff line number	Diff line change
`@@ -1037,8 +1037,8 @@ public function getPort()`
`1037`	`1037`	`$pos = strrpos($host, ':');`
`1038`	`1038`	`}`
`1039`	`1039`
`1040`		`- if (false !== $pos) {`
`1041`		`- return (int) substr($host, $pos + 1);`
	`1040`	`+ if (false !== $pos && $port = substr($host, $pos + 1)) {`
	`1041`	`+ return (int) $port;`
`1042`	`1042`	`}`
`1043`	`1043`
`1044`	`1044`	`return 'https' === $this->getScheme() ? 443 : 80;`