
Commit 5034dad

security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas)
This PR was merged into the 2.8 branch. Discussion ---------- [HttpFoundation] Remove support for legacy and risky HTTP headers | Q | A | ------------- | --- | Branch? | 2.8 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Commits ------- e447e8b921 [HttpFoundation] Remove support for legacy and risky HTTP headers
2 parents 9aa26b3 + 5097611 commit 5034dad

3 files changed

+7
-56
lines changed

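--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+2.8.44
+------
+
+* [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL`
+HTTP headers has been dropped for security reasons.
+
 2.8.0
 -----
 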
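--- a/Request.php
+++ b/Request.php
@@ -1694,18 +1694,7 @@ protected function prepareRequestUri()
 {
 $requestUri = '';
 
-if ($this->headers->has('X_ORIGINAL_URL')) {
-// IIS with Microsoft Rewrite Module
-$requestUri = $this->headers->get('X_ORIGINAL_URL');
-$this->headers->remove('X_ORIGINAL_URL');
-$this->server->remove('HTTP_X_ORIGINAL_URL');
-$this->server->remove('UNENCODED_URL');
-$this->server->remove('IIS_WasUrlRewritten');
-} elseif ($this->headers->has('X_REWRITE_URL')) {
-// IIS with ISAPI_Rewrite
-$requestUri = $this->headers->get('X_REWRITE_URL');
-$this->headers->remove('X_REWRITE_URL');
-} elseif ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
+if ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
 // IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem)
 $requestUri = $this->server->get('UNENCODED_URL');
 $this->server->remove('UNENCODED_URL');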
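Review bot: The rewritten condition on new line 1697 still trusts `IIS_WasUrlRewritten` and `UNENCODED_URL`, and nothing in the hunk records why these survive while the `X_ORIGINAL_URL`/`X_REWRITE_URL` branches were removed, so a one-line comment would keep a future maintainer from reintroducing a header-driven branch. Something like `// IIS_WasUrlRewritten/UNENCODED_URL are server variables set by IIS itself, not HTTP_* request headers, so unlike the dropped X_ORIGINAL_URL/X_REWRITE_URL a client presumably cannot supply them — confirm for the deployed SAPI.` The deleted branch also cleared `HTTP_X_ORIGINAL_URL` from `$this->server`; after this change a client-sent header of that name stays visible in the server bag, which looks intentional but is worth stating in the changelog entry. The provider in Tests/RequestTest.php only drops the old datasets; a case asserting that a supplied `X_ORIGINAL_URL` header no longer changes the request URI would pin the fix. prepareRequestUri continues outside the hunk.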

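--- a/Tests/RequestTest.php
+++ b/Tests/RequestTest.php
@@ -1814,52 +1814,8 @@ public function iisRequestUriProvider()
 {
 return array(
 array(
-array(
-'X_ORIGINAL_URL' => '/foo/bar',
-),
-array(),
-'/foo/bar',
-),
-array(
-array(
-'X_REWRITE_URL' => '/foo/bar',
-),
 array(),
-'/foo/bar',
-),
-array(
-array(),
-array(
-'IIS_WasUrlRewritten' => '1',
-'UNENCODED_URL' => '/foo/bar',
-),
-'/foo/bar',
-),
-array(
-array(
-'X_ORIGINAL_URL' => '/foo/bar',
-),
-array(
-'HTTP_X_ORIGINAL_URL' => '/foo/bar',
-),
-'/foo/bar',
-),
-array(
-array(
-'X_ORIGINAL_URL' => '/foo/bar',
-),
-array(
-'IIS_WasUrlRewritten' => '1',
-'UNENCODED_URL' => '/foo/bar',
-),
-'/foo/bar',
-),
-array(
-array(
-'X_ORIGINAL_URL' => '/foo/bar',
-),
 array(
-'HTTP_X_ORIGINAL_URL' => '/foo/bar',
 'IIS_WasUrlRewritten' => '1',
 'UNENCODED_URL' => '/foo/bar',
 ),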
