php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-26 06:15:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix #17755: Fix a bug for web request with trustedHosts set to format ['10.0.0.1' => ['X-Forwarded-For']]

Browse Source
This commit is contained in:
Ather Shu
2020-01-15 20:51:57 +08:00
committed by Alexander Makarov
parent a982f31606
commit 038ce9f77e
3 changed files with 139 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
framework/web/Request.php
View File

@ -1866,8 +1866,15 @@ class Request extends \yii\base\Request
protected function getSecureForwardedHeaderTrustedParts()
{
$validator = $this->getIpValidator();
$trustedHosts = [];
foreach ($this->trustedHosts as $trustedCidr => $trustedCidrOrHeaders) {
if (!is_array($trustedCidrOrHeaders)) {
$trustedCidr = $trustedCidrOrHeaders;
}
$trustedHosts[] = $trustedCidr;
}
$validator->setRanges($trustedHosts);
$validator->setRanges($this->trustedHosts);
return array_filter($this->getSecureForwardedHeaderParts(), function ($headerPart) use ($validator) {
return isset($headerPart['for']) ? !$validator->validate($headerPart['for']) : true;
});