escape the regex delimiter character

xabbuh · xabbuh · commit 966f673e721e · 2018-05-04T11:56:40.000+02:00
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -581,7 +581,7 @@ public static function getTrustedProxies()
     public static function setTrustedHosts(array $hostPatterns)
     {
         self::$trustedHostPatterns = array_map(function ($hostPattern) {
-            return sprintf('#%s#i', $hostPattern);
+            return sprintf('#%s#i', preg_replace('/(?<!\\\\)#/', '\\#', $hostPattern));
         }, $hostPatterns);
         // we need to reset trusted hosts on trusted host patterns change
         self::$trustedHosts = array();
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -18,6 +18,11 @@
 
 class RequestTest extends TestCase
 {
+    protected function tearDown()
+    {
+        Request::setTrustedHosts(array());
+    }
+
     public function testInitialize()
     {
         $request = new Request();
@@ -1871,9 +1876,24 @@ public function testTrustedHosts()
 
         $request->headers->set('host', 'subdomain.trusted.com');
         $this->assertEquals('subdomain.trusted.com', $request->getHost());
+    }
 
-        // reset request for following tests
-        Request::setTrustedHosts(array());
+    public function testSetTrustedHostsEscapesTheRegexDelimiterCharacter()
+    {
+        Request::setTrustedHosts(array('localhost#,example.com', 'localhost'));
+
+        $request = Request::create('/');
+        $request->headers->set('host', 'localhost');
+        $this->assertSame('localhost', $request->getHost());
+    }
+
+    public function testSetTrustedHostsDoesNotEscapeAlreadyEscapedRegexDelimiterCharacters()
+    {
+        Request::setTrustedHosts(array('localhost\#,example.com', 'localhost'));
+
+        $request = Request::create('/');
+        $request->headers->set('host', 'localhost');
+        $this->assertSame('localhost', $request->getHost());
     }
 
     public function testFactory()

Original file line number	Diff line number	Diff line change
`@@ -581,7 +581,7 @@ public static function getTrustedProxies()`
`581`	`581`	`public static function setTrustedHosts(array $hostPatterns)`
`582`	`582`	`{`
`583`	`583`	`self::$trustedHostPatterns = array_map(function ($hostPattern) {`
`584`		`- return sprintf('#%s#i', $hostPattern);`
	`584`	`+ return sprintf('#%s#i', preg_replace('/(?<!\\\\)#/', '\\#', $hostPattern));`
`585`	`585`	`}, $hostPatterns);`
`586`	`586`	`// we need to reset trusted hosts on trusted host patterns change`
`587`	`587`	`self::$trustedHosts = array();`