merged branch mweimerskirch/patch-12 (PR #7092)

fabpot · fabpot · commit 8fc69c31994c · 2013-02-17T12:37:52.000+01:00
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes #7092). Commits ------- 187645f Fix REMOTE_ADDR for cached subrequests Discussion ---------- [HttpKernel/HttpCache] Fix "REMOTE_ADDR" for cached subrequests | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | none that I know of | Deprecations? | no | Tests pass? | yes | Fixed tickets | 7091 | License | MIT I moved the code that modifies the REMOTE_ADDR variable further up the chain so that cached subrequests also receive the local IP address. Before, only new subrequests received the local IP address and cached ones received the original IP, which made "validateRequest" in FragmentListener fail. Please review. I'm not sure about side-effects of this patch, including possible security issues. Fixes #7091 --------------------------------------------------------------------------- by bamarni at 2013-02-16T11:49:27Z @fabpot rejected setting this on the master request, so you should do it on the ```forward()``` method instead. --------------------------------------------------------------------------- by mweimerskirch at 2013-02-16T12:13:46Z @bamarni @fabpot done
diff --git a/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php b/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
@@ -413,18 +413,6 @@ protected function fetch(Request $request, $catch = false)
         $subRequest->headers->remove('if_modified_since');
         $subRequest->headers->remove('if_none_match');
 
-        // modify the X-Forwarded-For header if needed
-        $forwardedFor = $subRequest->headers->get('X-Forwarded-For');
-        if ($forwardedFor) {
-            $subRequest->headers->set('X-Forwarded-For', $forwardedFor.', '.$subRequest->server->get('REMOTE_ADDR'));
-        } else {
-            $subRequest->headers->set('X-Forwarded-For', $subRequest->server->get('REMOTE_ADDR'));
-        }
-
-        // fix the client IP address by setting it to 127.0.0.1 as HttpCache
-        // is always called from the same process as the backend.
-        $subRequest->server->set('REMOTE_ADDR', '127.0.0.1');
-
         $response = $this->forward($subRequest, $catch);
 
         if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
@@ -455,6 +443,18 @@ protected function forward(Request $request, $catch = false, Response $entry = n
             $this->esi->addSurrogateEsiCapability($request);
         }
 
+        // modify the X-Forwarded-For header if needed
+        $forwardedFor = $request->headers->get('X-Forwarded-For');
+        if ($forwardedFor) {
+            $request->headers->set('X-Forwarded-For', $forwardedFor.', '.$request->server->get('REMOTE_ADDR'));
+        } else {
+            $request->headers->set('X-Forwarded-For', $request->server->get('REMOTE_ADDR'));
+        }
+
+        // fix the client IP address by setting it to 127.0.0.1 as HttpCache
+        // is always called from the same process as the backend.
+        $request->server->set('REMOTE_ADDR', '127.0.0.1');
+
         // always a "master" request (as the real master request can be in cache)
         $response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);
         // FIXME: we probably need to also catch exceptions if raw === true
