mirror of
https://github.com/yiisoft/yii2.git
synced 2025-08-26 14:26:54 +08:00
Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used
This commit is contained in:
Alexey
@ -11,6 +11,7 @@ Yii Framework 2 Change Log
|
|||||||
- Enh #19270: Replace deprecated `scss` converter in `yii\web\AssetConverter::$commands` (WinterSilence)
|
- Enh #19270: Replace deprecated `scss` converter in `yii\web\AssetConverter::$commands` (WinterSilence)
|
||||||
- Enh #19254: Support specifying custom characters for `yii.validation.trim()` and replace deprecated `jQuery.trim()` (WinterSilence)
|
- Enh #19254: Support specifying custom characters for `yii.validation.trim()` and replace deprecated `jQuery.trim()` (WinterSilence)
|
||||||
- Bug #19291: Reset errors and validators in `yii\base\Model::__clone()` (WinterSilence)
|
- Bug #19291: Reset errors and validators in `yii\base\Model::__clone()` (WinterSilence)
|
||||||
|
- Bug #19290: Fix `Request::getHostInfo()` doesn’t return the port if a Host header is used (lesha724)
|
||||||
- Enh #19295: Added alias `text/rtf` for mime-type `application/rtf` (lesha724)
|
- Enh #19295: Added alias `text/rtf` for mime-type `application/rtf` (lesha724)
|
||||||
- Enh #19308: Add `yii\web\UploadedFile::$fullPath` represents 'full_path' key added in PHP 8.1 (WinterSilence)
|
- Enh #19308: Add `yii\web\UploadedFile::$fullPath` represents 'full_path' key added in PHP 8.1 (WinterSilence)
|
||||||
- Bug #19303: Fix serialization in `yii\caching\Dependency::generateReusableHash()` (WinterSilence)
|
- Bug #19303: Fix serialization in `yii\caching\Dependency::generateReusableHash()` (WinterSilence)
|
||||||
|
|||||||
@ -749,13 +749,20 @@ class Request extends \yii\base\Request
|
|||||||
$this->_hostInfo = $http . '://' . trim(explode(',', $this->headers->get('X-Forwarded-Host'))[0]);
|
$this->_hostInfo = $http . '://' . trim(explode(',', $this->headers->get('X-Forwarded-Host'))[0]);
|
||||||
} elseif ($this->headers->has('X-Original-Host')) {
|
} elseif ($this->headers->has('X-Original-Host')) {
|
||||||
$this->_hostInfo = $http . '://' . trim(explode(',', $this->headers->get('X-Original-Host'))[0]);
|
$this->_hostInfo = $http . '://' . trim(explode(',', $this->headers->get('X-Original-Host'))[0]);
|
||||||
} elseif ($this->headers->has('Host')) {
|
} else {
|
||||||
$this->_hostInfo = $http . '://' . $this->headers->get('Host');
|
if ($this->headers->has('Host')) {
|
||||||
} elseif (isset($_SERVER['SERVER_NAME'])) {
|
$this->_hostInfo = $http . '://' . $this->headers->get('Host');
|
||||||
$this->_hostInfo = $http . '://' . $_SERVER['SERVER_NAME'];
|
} elseif (filter_has_var(INPUT_SERVER, 'SERVER_NAME')) {
|
||||||
$port = $secure ? $this->getSecurePort() : $this->getPort();
|
$this->_hostInfo = $http . '://' . filter_input(INPUT_SERVER, 'SERVER_NAME');
|
||||||
if (($port !== 80 && !$secure) || ($port !== 443 && $secure)) {
|
} elseif (isset($_SERVER['SERVER_NAME'])) {
|
||||||
$this->_hostInfo .= ':' . $port;
|
$this->_hostInfo = $http . '://' . $_SERVER['SERVER_NAME'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->_hostInfo !== null && !preg_match('/:\d+$/', $this->_hostInfo)) {
|
||||||
|
$port = $secure ? $this->getSecurePort() : $this->getPort();
|
||||||
|
if (($port !== 80 && !$secure) || ($port !== 443 && $secure)) {
|
||||||
|
$this->_hostInfo .= ':' . $port;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -286,6 +286,48 @@ class RequestTest extends TestCase
|
|||||||
'example1.com',
|
'example1.com',
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
// HTTP header missing with port 80
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'HTTP_HOST' => 'example1.com',
|
||||||
|
'SERVER_PORT' => 80,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'http://example1.com',
|
||||||
|
'example1.com',
|
||||||
|
]
|
||||||
|
],
|
||||||
|
// normal with nonstandart port 8080
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'HTTP_HOST' => 'example1.com',
|
||||||
|
'SERVER_PORT' => 8080,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'http://example1.com:8080',
|
||||||
|
'example1.com',
|
||||||
|
]
|
||||||
|
],
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'HTTP_HOST' => 'example1.com:8081',
|
||||||
|
'SERVER_PORT' => 8080,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'http://example1.com:8081',
|
||||||
|
'example1.com',
|
||||||
|
]
|
||||||
|
],
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'HTTP_HOST' => 'example1.com:8080',
|
||||||
|
'SERVER_PORT' => 8080,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'http://example1.com:8080',
|
||||||
|
'example1.com',
|
||||||
|
]
|
||||||
|
],
|
||||||
// HTTP header missing
|
// HTTP header missing
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
@ -296,6 +338,28 @@ class RequestTest extends TestCase
|
|||||||
'example2.com',
|
'example2.com',
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
// HTTP header missing with nonstandart port 8080
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'SERVER_NAME' => 'example1.com',
|
||||||
|
'SERVER_PORT' => 8080,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'http://example1.com:8080',
|
||||||
|
'example1.com',
|
||||||
|
]
|
||||||
|
],
|
||||||
|
// HTTP header missing with port 80
|
||||||
|
[
|
||||||
|
[
|
||||||
|
'SERVER_NAME' => 'example1.com',
|
||||||
|
'SERVER_PORT' => 80,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'http://example1.com',
|
||||||
|
'example1.com',
|
||||||
|
]
|
||||||
|
],
|
||||||
// forwarded from untrusted server
|
// forwarded from untrusted server
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
|
|||||||
Reference in New Issue
Block a user