Set REMOTE_ADDR as trusted proxy or localhost

kmadejski · kmadejski · commit 954c02408909 · 2018-05-15T12:34:24.000+02:00
diff --git a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
@@ -122,12 +122,8 @@ protected function createSubRequest($uri, Request $request)
             // Do nothing
         }
 
-        $server['REMOTE_ADDR'] = '127.0.0.1';
-        // Make sure 127.0.0.1 is a trusted proxy
-        if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) {
-            $trustedProxies[] = '127.0.0.1';
-            Request::setTrustedProxies($trustedProxies);
-        }
+        $trustedProxies = Request::getTrustedProxies();
+        $server['REMOTE_ADDR'] = $trustedProxies ? reset($trustedProxies) : '127.0.0.1';
 
         unset($server['HTTP_IF_MODIFIED_SINCE']);
         unset($server['HTTP_IF_NONE_MATCH']);
diff --git a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
@@ -56,6 +56,7 @@ public function testRenderWithObjectsAsAttributes()
         $subRequest->attributes->replace(array('object' => $object, '_format' => 'html', '_controller' => 'main_controller', '_locale' => 'en'));
         $subRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
         $subRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
+        $subRequest->server->set('REMOTE_ADDR', '1.1.1.1');
 
         $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest($subRequest));
 
@@ -84,7 +85,7 @@ public function testRenderWithTrustedHeaderDisabled()
     {
         Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, '');
 
-        $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest(Request::create('/')));
+        $strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest(Request::create('/', 'GET', array(), array(), array(), array('REMOTE_ADDR' => '1.1.1.1'))));
         $this->assertSame('foo', $strategy->render('/', Request::create('/'))->getContent());
     }
 
@@ -168,6 +169,7 @@ public function testESIHeaderIsKeptInSubrequest()
     {
         $expectedSubRequest = Request::create('/');
         $expectedSubRequest->headers->set('Surrogate-Capability', 'abc="ESI/1.0"');
+        $expectedSubRequest->server->set('REMOTE_ADDR', '1.1.1.1');
 
         if (Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
             $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
@@ -193,7 +195,7 @@ public function testESIHeaderIsKeptInSubrequestWithTrustedHeaderDisabled()
 
     public function testHeadersPossiblyResultingIn304AreNotAssignedToSubrequest()
     {
-        $expectedSubRequest = Request::create('/');
+        $expectedSubRequest = Request::create('/', 'GET', array(), array(), array(), array('REMOTE_ADDR' => '1.1.1.1'));
         if (Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
             $expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
             $expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
@@ -204,15 +206,6 @@ public function testHeadersPossiblyResultingIn304AreNotAssignedToSubrequest()
         $strategy->render('/', $request);
     }
 
-    public function testLocalhostIsInTrustedProxies()
-    {
-        $strategy = new InlineFragmentRenderer($this->getKernel($this->returnValue(new Response())));
-        $request = Request::create('/');
-        $strategy->render('/', $request);
-
-        $this->assertTrue(in_array('127.0.0.1', Request::getTrustedProxies()));
-    }
-
     /**
      * Creates a Kernel expecting a request equals to $request
      * Allows delta in comparison in case REQUEST_TIME changed by 1 second.
