diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-07-02 11:05:02 +0200 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2020-07-02 10:09:45 +0000 |
| commit | a471dba6e12e7287da27ac770b63fb1790b59fdf (patch) | |
| tree | b2d85b6ed73ae69d0b4f7364a79539438d0fcde5 | |
| parent | 8054bc921e8b59722f6720912d3c22c7603f3c7e (diff) | |
| download | nextcloud-server-a471dba6e12e7287da27ac770b63fb1790b59fdf.tar.gz nextcloud-server-a471dba6e12e7287da27ac770b63fb1790b59fdf.zip | |
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | lib/private/AppFramework/Http/Request.php | 6 | ||||
| -rw-r--r-- | tests/lib/AppFramework/Http/RequestTest.php | 28 |
2 files changed, 34 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index 12748e0dd62..6428f7116b0 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -653,6 +653,12 @@ class Request implements \ArrayAccess, \Countable, IRequest { if (isset($this->server[$header])) { foreach (explode(',', $this->server[$header]) as $IP) { $IP = trim($IP); + + // remove brackets from IPv6 addresses + if (strpos($IP, '[') === 0 && substr($IP, -1) === ']') { + $IP = substr($IP, 1, -1); + } + if (filter_var($IP, FILTER_VALIDATE_IP) !== false) { return $IP; } diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php index a8e2f2248c6..7260b31b27e 100644 --- a/tests/lib/AppFramework/Http/RequestTest.php +++ b/tests/lib/AppFramework/Http/RequestTest.php @@ -632,6 +632,34 @@ class RequestTest extends \Test\TestCase { $this->assertSame('192.168.3.99', $request->getRemoteAddress()); } + public function testGetRemoteAddressWithXForwardedForIPv6() { + $this->config + ->expects($this->at(0)) + ->method('getSystemValue') + ->with('trusted_proxies') + ->willReturn(['192.168.2.0/24']); + $this->config + ->expects($this->at(1)) + ->method('getSystemValue') + ->with('forwarded_for_headers') + ->willReturn(['HTTP_X_FORWARDED_FOR']); + + $request = new Request( + [ + 'server' => [ + 'REMOTE_ADDR' => '192.168.2.99', + 'HTTP_X_FORWARDED_FOR' => '[2001:db8:85a3:8d3:1319:8a2e:370:7348]', + ], + ], + $this->secureRandom, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress()); + } + /** * @return array */ |