Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR

mcfedr · mcfedr · commit 6b033efe03cc · 2019-09-13T18:00:17.000+03:00
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -567,14 +567,23 @@ public function overrideGlobals()
      *
      * You should only list the reverse proxies that you manage directly.
      *
-     * @param array $proxies          A list of trusted proxies
+     * @param array $proxies          A list of trusted proxies, the string 'REMOTE_ADDR' will be replaced with $_SERVER['REMOTE_ADDR']
      * @param int   $trustedHeaderSet A bit field of Request::HEADER_*, to set which headers to trust from your proxies
      *
      * @throws \InvalidArgumentException When $trustedHeaderSet is invalid
      */
     public static function setTrustedProxies(array $proxies, int $trustedHeaderSet)
     {
-        self::$trustedProxies = $proxies;
+        self::$trustedProxies = array_reduce($proxies, function($proxies, $proxy) {
+            if ('REMOTE_ADDR' === $proxy) {
+                if (isset($_SERVER['REMOTE_ADDR'])) {
+                    $proxies[] = $_SERVER['REMOTE_ADDR'];
+                }
+            } else {
+                $proxies[] = $proxy;
+            }
+            return $proxies;
+        }, []);
         self::$trustedHeaderSet = $trustedHeaderSet;
     }
 
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -2324,6 +2324,26 @@ public function testTrustedPortDoesNotDefaultToZero()
 
         $this->assertSame(80, $request->getPort());
     }
+
+    /**
+     * @dataProvider trustedProxiesRemoteAddr
+     */
+    public function testTrustedProxiesRemoteAddr($serverRemoteAddr, $trustedProxies, $result)
+    {
+        $_SERVER['REMOTE_ADDR'] = $serverRemoteAddr;
+        Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
+        $this->assertSame($result, Request::getTrustedProxies());
+    }
+
+    public function trustedProxiesRemoteAddr()
+    {
+        return [
+            ['1.1.1.1', ['REMOTE_ADDR'], ['1.1.1.1']],
+            ['1.1.1.1', ['REMOTE_ADDR', '2.2.2.2'], ['1.1.1.1', '2.2.2.2']],
+            [null, ['REMOTE_ADDR'], []],
+            [null, ['REMOTE_ADDR', '2.2.2.2'], ['2.2.2.2']],
+        ];
+    }
 }
 
 class RequestContentProxy extends Request

Original file line number	Diff line number	Diff line change
`@@ -567,14 +567,23 @@ public function overrideGlobals()`
`567`	`567`	`*`
`568`	`568`	`* You should only list the reverse proxies that you manage directly.`
`569`	`569`	`*`
`570`		`- * @param array $proxies A list of trusted proxies`
	`570`	`+ * @param array $proxies A list of trusted proxies, the string 'REMOTE_ADDR' will be replaced with $_SERVER['REMOTE_ADDR']`
`571`	`571`	`* @param int $trustedHeaderSet A bit field of Request::HEADER_*, to set which headers to trust from your proxies`
`572`	`572`	`*`
`573`	`573`	`* @throws \InvalidArgumentException When $trustedHeaderSet is invalid`
`574`	`574`	`*/`
`575`	`575`	`public static function setTrustedProxies(array $proxies, int $trustedHeaderSet)`
`576`	`576`	`{`
`577`		`- self::$trustedProxies = $proxies;`
	`577`	`+ self::$trustedProxies = array_reduce($proxies, function($proxies, $proxy) {`
	`578`	`+ if ('REMOTE_ADDR' === $proxy) {`
	`579`	`+ if (isset($_SERVER['REMOTE_ADDR'])) {`
	`580`	`+ $proxies[] = $_SERVER['REMOTE_ADDR'];`
	`581`	`+ }`
	`582`	`+ } else {`
	`583`	`+ $proxies[] = $proxy;`
	`584`	`+ }`
	`585`	`+ return $proxies;`
	`586`	`+ }, []);`
`578`	`587`	`self::$trustedHeaderSet = $trustedHeaderSet;`
`579`	`588`	`}`
`580`	`589`