Fixes yiisoft#4234: CVE-2018-14773. Drop support for HTTP_X_REWRITE_URL

beigazi · Dec 30, 2018 · 037832e · 037832e
1 parent 628b3db
commit 037832e
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 7 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -6,6 +6,7 @@ Version 1.1.21 under development
 
 - Bug #4220: Fixed PHP 7.2 incompatibility caused by the use of `create_function` in CHttpRequest (martinpetrasch)
 - Bug #4229: Remove deprecation errors from framework/web/js/source/jquery.yiiactiveform.js when using jQuery 3.1.1 (kenguest)
+- Bug #4234: CVE-2018-14773. Drop support for HTTP_X_REWRITE_URL (kenguest)
 
 Version 1.1.20 July 6, 2018
 ---------------------------

diff --git a/framework/web/CHttpRequest.php b/framework/web/CHttpRequest.php
@@ -539,9 +539,7 @@ public function getRequestUri()
 	{
 		if($this->_requestUri===null)
 		{
-			if(isset($_SERVER['HTTP_X_REWRITE_URL'])) // IIS
-				$this->_requestUri=$_SERVER['HTTP_X_REWRITE_URL'];
-			elseif(isset($_SERVER['REQUEST_URI']))
+			if(isset($_SERVER['REQUEST_URI']))
 			{
 				$this->_requestUri=$_SERVER['REQUEST_URI'];
 				if(!empty($_SERVER['HTTP_HOST']))

diff --git a/framework/yiilite.php b/framework/yiilite.php
@@ -2553,9 +2553,7 @@ public function getRequestUri()
 	{
 		if($this->_requestUri===null)
 		{
-			if(isset($_SERVER['HTTP_X_REWRITE_URL'])) // IIS
-				$this->_requestUri=$_SERVER['HTTP_X_REWRITE_URL'];
-			elseif(isset($_SERVER['REQUEST_URI']))
+			if(isset($_SERVER['REQUEST_URI']))
 			{
 				$this->_requestUri=$_SERVER['REQUEST_URI'];
 				if(!empty($_SERVER['HTTP_HOST']))
@@ -10729,4 +10727,4 @@ interface ILogFilter
 {
 	public function filter(&$logs);
 }
-?>
+?>