adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't use FORWARDED_HOST when getting referer values.

Browse source 
HTTP_X_FORWARDED_HOST is supposed to be used by proxies to indicate the
original HTTP_HOST value. It has nothing to do with referer values.

Since the HTTP_X_FORWARDED_HOST is intended to replace the HOST header
in proxied setups, add a trustProxy parameter to host() and default it
to false. This maintains existing behavior and allows people to access
the proxied value.

Fixes #2537
This commit is contained in:
mark_story 2013-12-23 11:31:54 -05:00
parent 1aaa56575b
commit 70530135d6
2 changed files with 7 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/Cake/Network/CakeRequest.php
View file

@ -417,10 +417,6 @@ class CakeRequest implements ArrayAccess {
*/ */
public function referer($local = false) { public function referer($local = false) {
$ref = env('HTTP_REFERER'); $ref = env('HTTP_REFERER');
$forwarded = env('HTTP_X_FORWARDED_HOST');
if ($forwarded) {
$ref = $forwarded;
}
$base = Configure::read('App.fullBaseUrl') . $this->webroot; $base = Configure::read('App.fullBaseUrl') . $this->webroot;
if (!empty($ref) && !empty($base)) { if (!empty($ref) && !empty($base)) {
@ -667,9 +663,13 @@ class CakeRequest implements ArrayAccess {
/** /**
* Get the host that the request was handled on. * Get the host that the request was handled on.
* *
* @param boolean $trustProxy Whether or not to trust the proxy host.
* @return string * @return string
*/ */
public function host() { public function host($trustProxy = false) {
if ($trustProxy) {
return env('HTTP_X_FORWARDED_HOST');
}
return env('HTTP_HOST'); return env('HTTP_HOST');
} }

6
lib/Cake/Test/Case/Network/CakeRequestTest.php
View file

@ -698,10 +698,6 @@ class CakeRequestTest extends CakeTestCase {
$_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/recipes/add'; $_SERVER['HTTP_REFERER'] = Configure::read('App.fullBaseUrl') . '/recipes/add';
$result = $request->referer(true); $result = $request->referer(true);
$this->assertSame($result, '/recipes/add'); $this->assertSame($result, '/recipes/add');
$_SERVER['HTTP_X_FORWARDED_HOST'] = 'cakephp.org';
$result = $request->referer();
$this->assertSame($result, 'cakephp.org');
} }
/** /**
@ -804,9 +800,11 @@ class CakeRequestTest extends CakeTestCase {
*/ */
public function testHost() { public function testHost() {
$_SERVER['HTTP_HOST'] = 'localhost'; $_SERVER['HTTP_HOST'] = 'localhost';
$_SERVER['HTTP_X_FORWARDED_HOST'] = 'cakephp.org';
$request = new CakeRequest('some/path'); $request = new CakeRequest('some/path');
$this->assertEquals('localhost', $request->host()); $this->assertEquals('localhost', $request->host());
$this->assertEquals('cakephp.org', $request->host(true));
} }
/** /**