Merge pull request #21655 from nextcloud/backport/21653/stable19

[stable19] Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
This commit is contained in:
Roeland Jago Douma 2020-07-02 20:49:11 +02:00 committed by GitHub
commit 6c3e9ee87c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 0 deletions

View File

@ -653,6 +653,12 @@ class Request implements \ArrayAccess, \Countable, IRequest {
if (isset($this->server[$header])) {
foreach (explode(',', $this->server[$header]) as $IP) {
$IP = trim($IP);
// remove brackets from IPv6 addresses
if (strpos($IP, '[') === 0 && substr($IP, -1) === ']') {
$IP = substr($IP, 1, -1);
}
if (filter_var($IP, FILTER_VALIDATE_IP) !== false) {
return $IP;
}

View File

@ -632,6 +632,34 @@ class RequestTest extends \Test\TestCase {
$this->assertSame('192.168.3.99', $request->getRemoteAddress());
}
public function testGetRemoteAddressWithXForwardedForIPv6() {
$this->config
->expects($this->at(0))
->method('getSystemValue')
->with('trusted_proxies')
->willReturn(['192.168.2.0/24']);
$this->config
->expects($this->at(1))
->method('getSystemValue')
->with('forwarded_for_headers')
->willReturn(['HTTP_X_FORWARDED_FOR']);
$request = new Request(
[
'server' => [
'REMOTE_ADDR' => '192.168.2.99',
'HTTP_X_FORWARDED_FOR' => '[2001:db8:85a3:8d3:1319:8a2e:370:7348]',
],
],
$this->secureRandom,
$this->config,
$this->csrfTokenManager,
$this->stream
);
$this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress());
}
/**
* @return array
*/