Skip to content

Commit efcde3d

Browse files
nicolas-grekasnicolas-grekas
committed
security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas)
This PR was merged into the 2.7 branch. Discussion ---------- [2.7][HttpFoundation] Remove support for legacy and risky HTTP headers Commits ------- eda2b20 [HttpFoundation] Remove support for legacy and risky HTTP headers
2 parents 34d6116 + eda2b20 commit efcde3d

File tree

3 files changed

+7
-56
lines changed

3 files changed

+7
-56
lines changed

src/Symfony/Component/HttpFoundation/CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,12 @@
11
CHANGELOG
22
=========
33

4+
2.7.49
5+
------
6+
7+
* [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL`
8+
HTTP headers has been dropped for security reasons.
9+
410
2.6.0
511
-----
612

src/Symfony/Component/HttpFoundation/Request.php

Lines changed: 1 addition & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1712,18 +1712,7 @@ protected function prepareRequestUri()
17121712
{
17131713
$requestUri = '';
17141714

1715-
if ($this->headers->has('X_ORIGINAL_URL')) {
1716-
// IIS with Microsoft Rewrite Module
1717-
$requestUri = $this->headers->get('X_ORIGINAL_URL');
1718-
$this->headers->remove('X_ORIGINAL_URL');
1719-
$this->server->remove('HTTP_X_ORIGINAL_URL');
1720-
$this->server->remove('UNENCODED_URL');
1721-
$this->server->remove('IIS_WasUrlRewritten');
1722-
} elseif ($this->headers->has('X_REWRITE_URL')) {
1723-
// IIS with ISAPI_Rewrite
1724-
$requestUri = $this->headers->get('X_REWRITE_URL');
1725-
$this->headers->remove('X_REWRITE_URL');
1726-
} elseif ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
1715+
if ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
17271716
// IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem)
17281717
$requestUri = $this->server->get('UNENCODED_URL');
17291718
$this->server->remove('UNENCODED_URL');

src/Symfony/Component/HttpFoundation/Tests/RequestTest.php

Lines changed: 0 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -1769,52 +1769,8 @@ public function iisRequestUriProvider()
17691769
{
17701770
return array(
17711771
array(
1772-
array(
1773-
'X_ORIGINAL_URL' => '/foo/bar',
1774-
),
1775-
array(),
1776-
'/foo/bar',
1777-
),
1778-
array(
1779-
array(
1780-
'X_REWRITE_URL' => '/foo/bar',
1781-
),
17821772
array(),
1783-
'/foo/bar',
1784-
),
1785-
array(
1786-
array(),
1787-
array(
1788-
'IIS_WasUrlRewritten' => '1',
1789-
'UNENCODED_URL' => '/foo/bar',
1790-
),
1791-
'/foo/bar',
1792-
),
1793-
array(
1794-
array(
1795-
'X_ORIGINAL_URL' => '/foo/bar',
1796-
),
1797-
array(
1798-
'HTTP_X_ORIGINAL_URL' => '/foo/bar',
1799-
),
1800-
'/foo/bar',
1801-
),
1802-
array(
1803-
array(
1804-
'X_ORIGINAL_URL' => '/foo/bar',
1805-
),
1806-
array(
1807-
'IIS_WasUrlRewritten' => '1',
1808-
'UNENCODED_URL' => '/foo/bar',
1809-
),
1810-
'/foo/bar',
1811-
),
1812-
array(
1813-
array(
1814-
'X_ORIGINAL_URL' => '/foo/bar',
1815-
),
18161773
array(
1817-
'HTTP_X_ORIGINAL_URL' => '/foo/bar',
18181774
'IIS_WasUrlRewritten' => '1',
18191775
'UNENCODED_URL' => '/foo/bar',
18201776
),

0 commit comments

Comments
 (0)