1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
From: Nicolas Grekas <nicolas.grekas@gmail.com>
Date: Sat, 14 Jul 2018 21:56:04 +0200
Subject: [HttpFoundation] Remove support for legacy and risky HTTP headers
[CVE-2018-14773] https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
Origin: backport, https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
---
src/Symfony/Component/HttpFoundation/CHANGELOG.md | 6 +++
src/Symfony/Component/HttpFoundation/Request.php | 13 +------
.../Component/HttpFoundation/Tests/RequestTest.php | 44 ----------------------
3 files changed, 7 insertions(+), 56 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
index 9f48e82..f8b0433 100644
--- a/src/Symfony/Component/HttpFoundation/CHANGELOG.md
+++ b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -1,6 +1,12 @@
CHANGELOG
=========
+2.8.44
+------
+
+ * [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL`
+ HTTP headers has been dropped for security reasons.
+
2.8.0
-----
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
index d7f95e3..5ed989a 100644
--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1697,18 +1697,7 @@ class Request
{
$requestUri = '';
- if ($this->headers->has('X_ORIGINAL_URL')) {
- // IIS with Microsoft Rewrite Module
- $requestUri = $this->headers->get('X_ORIGINAL_URL');
- $this->headers->remove('X_ORIGINAL_URL');
- $this->server->remove('HTTP_X_ORIGINAL_URL');
- $this->server->remove('UNENCODED_URL');
- $this->server->remove('IIS_WasUrlRewritten');
- } elseif ($this->headers->has('X_REWRITE_URL')) {
- // IIS with ISAPI_Rewrite
- $requestUri = $this->headers->get('X_REWRITE_URL');
- $this->headers->remove('X_REWRITE_URL');
- } elseif ($this->server->get('IIS_WasUrlRewritten') == '1' && $this->server->get('UNENCODED_URL') != '') {
+ if ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
// IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem)
$requestUri = $this->server->get('UNENCODED_URL');
$this->server->remove('UNENCODED_URL');
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
index 89c4eb2..0089583 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -1669,52 +1669,8 @@ class RequestTest extends \PHPUnit_Framework_TestCase
{
return array(
array(
- array(
- 'X_ORIGINAL_URL' => '/foo/bar',
- ),
- array(),
- '/foo/bar',
- ),
- array(
- array(
- 'X_REWRITE_URL' => '/foo/bar',
- ),
array(),
- '/foo/bar',
- ),
- array(
- array(),
- array(
- 'IIS_WasUrlRewritten' => '1',
- 'UNENCODED_URL' => '/foo/bar',
- ),
- '/foo/bar',
- ),
- array(
- array(
- 'X_ORIGINAL_URL' => '/foo/bar',
- ),
- array(
- 'HTTP_X_ORIGINAL_URL' => '/foo/bar',
- ),
- '/foo/bar',
- ),
- array(
- array(
- 'X_ORIGINAL_URL' => '/foo/bar',
- ),
- array(
- 'IIS_WasUrlRewritten' => '1',
- 'UNENCODED_URL' => '/foo/bar',
- ),
- '/foo/bar',
- ),
- array(
- array(
- 'X_ORIGINAL_URL' => '/foo/bar',
- ),
array(
- 'HTTP_X_ORIGINAL_URL' => '/foo/bar',
'IIS_WasUrlRewritten' => '1',
'UNENCODED_URL' => '/foo/bar',
),
|
