php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-26 06:15:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used

Browse Source
This commit is contained in:
Alexey
2022-04-15 23:37:55 +03:00
committed by GitHub
parent 4f1ffd2c98
commit 8046d3a50f
3 changed files with 79 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
framework/CHANGELOG.md
View File

@ -11,6 +11,7 @@ Yii Framework 2 Change Log
- Enh #19270: Replace deprecated `scss` converter in `yii\web\AssetConverter::$commands` (WinterSilence)
- Enh #19254: Support specifying custom characters for `yii.validation.trim()` and replace deprecated `jQuery.trim()` (WinterSilence)
- Bug #19291: Reset errors and validators in `yii\base\Model::__clone()` (WinterSilence)
- Bug #19290: Fix `Request::getHostInfo()` doesnt return the port if a Host header is used (lesha724)
- Enh #19295: Added alias `text/rtf` for mime-type `application/rtf` (lesha724)
- Enh #19308: Add `yii\web\UploadedFile::$fullPath` represents 'full_path' key added in PHP 8.1 (WinterSilence)
- Bug #19303: Fix serialization in `yii\caching\Dependency::generateReusableHash()` (WinterSilence)

21
framework/web/Request.php
View File

@ -749,13 +749,20 @@ class Request extends \yii\base\Request
$this->_hostInfo = $http . '://' . trim(explode(',', $this->headers->get('X-Forwarded-Host'))[0]);
} elseif ($this->headers->has('X-Original-Host')) {
$this->_hostInfo = $http . '://' . trim(explode(',', $this->headers->get('X-Original-Host'))[0]);
} elseif ($this->headers->has('Host')) {
$this->_hostInfo = $http . '://' . $this->headers->get('Host');
} elseif (isset($_SERVER['SERVER_NAME'])) {
$this->_hostInfo = $http . '://' . $_SERVER['SERVER_NAME'];
$port = $secure ? $this->getSecurePort() : $this->getPort();
if (($port !== 80 && !$secure) || ($port !== 443 && $secure)) {
$this->_hostInfo .= ':' . $port;
} else {
if ($this->headers->has('Host')) {
$this->_hostInfo = $http . '://' . $this->headers->get('Host');
} elseif (filter_has_var(INPUT_SERVER, 'SERVER_NAME')) {
$this->_hostInfo = $http . '://' . filter_input(INPUT_SERVER, 'SERVER_NAME');
} elseif (isset($_SERVER['SERVER_NAME'])) {
$this->_hostInfo = $http . '://' . $_SERVER['SERVER_NAME'];
}
if ($this->_hostInfo !== null && !preg_match('/:\d+$/', $this->_hostInfo)) {
$port = $secure ? $this->getSecurePort() : $this->getPort();
if (($port !== 80 && !$secure) || ($port !== 443 && $secure)) {
$this->_hostInfo .= ':' . $port;
}
}
}
}

64
tests/framework/web/RequestTest.php
View File

@ -286,6 +286,48 @@ class RequestTest extends TestCase
'example1.com',
]
],
// HTTP header missing with port 80
[
[
'HTTP_HOST' => 'example1.com',
'SERVER_PORT' => 80,
],
[
'http://example1.com',
'example1.com',
]
],
// normal with nonstandart port 8080
[
[
'HTTP_HOST' => 'example1.com',
'SERVER_PORT' => 8080,
],
[
'http://example1.com:8080',
'example1.com',
]
],
[
[
'HTTP_HOST' => 'example1.com:8081',
'SERVER_PORT' => 8080,
],
[
'http://example1.com:8081',
'example1.com',
]
],
[
[
'HTTP_HOST' => 'example1.com:8080',
'SERVER_PORT' => 8080,
],
[
'http://example1.com:8080',
'example1.com',
]
],
// HTTP header missing
[
[
@ -296,6 +338,28 @@ class RequestTest extends TestCase
'example2.com',
]
],
// HTTP header missing with nonstandart port 8080
[
[
'SERVER_NAME' => 'example1.com',
'SERVER_PORT' => 8080,
],
[
'http://example1.com:8080',
'example1.com',
]
],
// HTTP header missing with port 80
[
[
'SERVER_NAME' => 'example1.com',
'SERVER_PORT' => 80,
],
[
'http://example1.com',
'example1.com',
]
],
// forwarded from untrusted server
[
[