diff --git a/core/lib/Drupal/Core/DrupalKernel.php b/core/lib/Drupal/Core/DrupalKernel.php
index d19ef90..87b28e5 100644
--- a/core/lib/Drupal/Core/DrupalKernel.php
+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -1366,15 +1366,15 @@ public static function setupTrustedHosts(Request $request) {
 $hostPatterns = Settings::get('trusted_host_patterns', array());
 // Allow an empty Host header
- $hostPatterns += array(
+ $hostPatterns = array_merge($hostPatterns, array(
 '^localhost$',
- '^localhost\.*$',
+ '^localhost\.*',
 '\.local$',
- );
+ ));
 $server_name = $request->server->get('SERVER_NAME');
 if (!empty($server_name)) {
- $hostPatterns[] = $server_name;
+ $hostPatterns[] = '^' . str_replace('.', '\.', $server_name . '$');
 }
 $request->setTrustedHosts($hostPatterns);
diff --git a/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php b/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php
index d59b2f9..a3ce0df 100644
--- a/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php
+++ b/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php
@@ -2,12 +2,13 @@
 /**
 * @file
- * Contains \Drupal\Tests\Core\DrupalKernel\ValidateHostnameTest.
+ * Contains \Drupal\Tests\Core\DrupalKernel\TrustedHostsTest.
 */
 namespace Drupal\Tests\Core\DrupalKernel;
 use Drupal\Core\DrupalKernel;
+use Drupal\Core\Site\Settings;
 use Drupal\Tests\UnitTestCase;
 use Symfony\Component\HttpFoundation\Request;
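Review bot: The default pattern `'^localhost\.*'` in the `array_merge()` call has lost its end anchor, so it now matches any Host value that merely begins with `localhost`. Together with `'\.local$'` it is appended even when `trusted_host_patterns` is configured, which widens the allow-list that is meant to stop Host-header poisoning of generated links and cached pages. Anchor it to the names actually intended, for example `'^localhost(\.[a-z0-9-]+)?$'`, and consider adding these development defaults only when no patterns are configured. The `SERVER_NAME` entry escapes only dots; `'^' . preg_quote($server_name) . '$'` (passing the delimiter Symfony wraps patterns in as the second argument) covers the remaining metacharacters. On web servers that derive `SERVER_NAME` from the request's own Host header this entry trusts whatever the client sent, which deserves at least a comment here; the function body continues outside the hunk.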
@@ -21,9 +22,97 @@ class TrustedHostsTest extends UnitTestCase {
 * Tests hostname validation.
 *
 * @covers ::setupTrustedHosts()
+ *
+ * @dataProvider providerTestTrustedHosts
+ */
+ public function testTrustedHosts($host, $server_name, $message, $expected = FALSE) {
+ $request = new Request();
+
+ $request->headers->set('HOST', $host);
+ $request->server->set('SERVER_NAME', $server_name);
+
+ $valid_host = DrupalKernel::setupTrustedHosts($request);
+
+ $this->assertSame($expected, $valid_host, $message);
+ }
+
+ /**
+ * Provides test data for testTrustedHosts().
+ */
+ public function providerTestTrustedHosts() {
+ $data = [];
+
+ // Test our hardcoded defaults for local development with non-production
+ // server configurations.
+ $data[] = ['localhost', '', '', TRUE];
+ $data[] = ['localhost.d8', '', '', TRUE];
+ $data[] = ['d8.local', '', '', TRUE];
+
+ // Tests canonical URL
+ $data[] = ['www.example.com', 'www.example.com', '', TRUE];
+
+ // Tests mismatches
+ $data[] = ['example.com', 'www.example.com', '', FALSE];
+ $data[] = ['subdomain.example.com', 'www.example.com', '', FALSE];
+ $data[] = ['www.example.org', 'www.example.com', '', FALSE];
+ $data[] = ['example.org', 'www.example.com', '', FALSE];
+ $data[] = ['www.blackhat.com', 'www.example.com', '', FALSE];
+
+ return $data;
+ }
+
+ /**
+ * Tests hostname validation with settings.
+ *
+ * @covers ::setupTrustedHosts()
+ *
+ * @dataProvider providerTestTrustedHostsWithSettings
+ */
+ public function testTrustedHostsWithSettings($host, $server_name, $message, $expected = FALSE) {
+ $settings = new Settings(array(
+ 'trusted_host_patterns' => array(
+ '^example\.com$',
+ '^.+\.example\.com$',
+ '^example\.org',
+ '^.+\.example\.org',
+ )
+ ));
+
+ $request = new Request();
+
+ $request->headers->set('HOST', $host);
+ $request->server->set('SERVER_NAME', $server_name);
+
+ $valid_host = DrupalKernel::setupTrustedHosts($request);
+
+ $this->assertSame($expected, $valid_host, $message);
+ }
+
+ /**
+ * Provides test data for testTrustedHostsWithSettings().
 */
- public function testTrustedHosts() {
- $this->fail();
+ public function providerTestTrustedHostsWithSettings() {
+ $data = [];
+
+ // Test our hardcoded defaults for local development with non-production
+ // server configurations.
+ $data[] = ['localhost', '', '', TRUE];
+ $data[] = ['localhost.d8', '', '', TRUE];
+ $data[] = ['d8.local', '', '', TRUE];
+
+ // Tests canonical URL
+ $data[] = ['www.example.com', 'www.example.com', '', TRUE];
+
+ // Tests the additional paterns from the settings.
+ $data[] = ['example.com', 'www.example.com', '', TRUE];
+ $data[] = ['subdomain.example.com', 'www.example.com', '', TRUE];
+ $data[] = ['www.example.org', 'www.example.com', '', TRUE];
+ $data[] = ['example.org', 'www.example.com', '', TRUE];
+
+ // Tests mismatches
+ $data[] = ['www.blackhat.com', 'www.example.com', '', FALSE];
+
+ return $data;
 }
 }
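Review bot: Neither provider has a negative case for a host that merely extends a trusted name, and the settings fixture itself uses end-unanchored patterns (`'^example\.org'`, `'^.+\.example\.org'`), so the suite passes even if names that only begin with a trusted host are accepted. Anchor the fixture patterns (`'^example\.org$'`, `'^.+\.example\.org$'`) and add rows such as `$data[] = ['example.org.invalid', 'www.example.com', '', FALSE];` and `$data[] = ['localhost.example.com', '', '', FALSE];` (constructed sample hosts). Both tests assert on the return value of `setupTrustedHosts()`, which the DrupalKernel hunk does not show, so confirm that it returns a boolean. `$settings` in `testTrustedHostsWithSettings()` is never read, so the test presumably relies on a side effect of the `Settings` constructor; a comment such as `// Instantiating Settings registers it as the active settings object.` would make that explicit once verified.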