merged branch Seldaek/untrusted (PR #8810)

fabpot · fabpot · commit cbc30a31e224 · 2013-08-21T21:09:08.000+02:00
This PR was merged into the 2.3 branch. Discussion ---------- Include untrusted host in the exception message `Invalid *` error message without the actual value that triggered them are really unhelpful to debug issues. Commits ------- fd2f633 Include untrusted host in the exception message
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1101,7 +1101,7 @@ public function getHost()
         // as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
         // check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
         if ($host && !preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host)) {
-            throw new \UnexpectedValueException('Invalid Host');
+            throw new \UnexpectedValueException('Invalid Host "'.$host.'"');
         }
 
         if (count(self::$trustedHostPatterns) > 0) {
@@ -1119,7 +1119,7 @@ public function getHost()
                 }
             }
 
-            throw new \UnexpectedValueException('Untrusted Host');
+            throw new \UnexpectedValueException('Untrusted Host "'.$host.'"');
         }
 
         return $host;
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -1520,7 +1520,7 @@ public function testTrustedHosts()
             $request->getHost();
             $this->fail('Request::getHost() should throw an exception when host is not trusted.');
         } catch (\UnexpectedValueException $e) {
-            $this->assertEquals('Untrusted Host', $e->getMessage());
+            $this->assertEquals('Untrusted Host "evil.com"', $e->getMessage());
         }
 
         // trusted hosts

Original file line number	Diff line number	Diff line change
`@@ -1101,7 +1101,7 @@ public function getHost()`
`1101`	`1101`	`// as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)`
`1102`	`1102`	`// check that it does not contain forbidden characters (see RFC 952 and RFC 2181)`
`1103`	`1103`	`if ($host && !preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host)) {`
`1104`		`- throw new \UnexpectedValueException('Invalid Host');`
	`1104`	`+ throw new \UnexpectedValueException('Invalid Host "'.$host.'"');`
`1105`	`1105`	`}`
`1106`	`1106`
`1107`	`1107`	`if (count(self::$trustedHostPatterns) > 0) {`
`@@ -1119,7 +1119,7 @@ public function getHost()`
`1119`	`1119`	`}`
`1120`	`1120`	`}`
`1121`	`1121`
`1122`		`- throw new \UnexpectedValueException('Untrusted Host');`
	`1122`	`+ throw new \UnexpectedValueException('Untrusted Host "'.$host.'"');`
`1123`	`1123`	`}`
`1124`	`1124`
`1125`	`1125`	`return $host;`
Original file line number	Diff line number	Diff line change
`@@ -1520,7 +1520,7 @@ public function testTrustedHosts()`
`1520`	`1520`	`$request->getHost();`
`1521`	`1521`	`$this->fail('Request::getHost() should throw an exception when host is not trusted.');`
`1522`	`1522`	`} catch (\UnexpectedValueException $e) {`
`1523`		`- $this->assertEquals('Untrusted Host', $e->getMessage());`
	`1523`	`+ $this->assertEquals('Untrusted Host "evil.com"', $e->getMessage());`
`1524`	`1524`	`}`
`1525`	`1525`
`1526`	`1526`	`// trusted hosts`