Merge branch 'master' into 2574

src/Config/SessionConfig.php

@@ -70,12 +70,10 @@ class SessionConfig extends StandardConfig
     /**
      * Set storage option in backend configuration store
      *
-     * Does nothing in this implementation; others might use it to set things
-     * such as INI settings.
-     *
      * @param  string $storageName
      * @param  mixed $storageValue
      * @return SessionConfig
+     * @throws \InvalidArgumentException
      */
     public function setStorageOption($storageName, $storageValue)
     {
@@ -92,7 +90,11 @@ public function setStorageOption($storageName, $storageValue)
                 break;
         }
 
-        ini_set($key, $storageValue);
+        $result = ini_set($key, $storageValue);
+        if (FALSE === $result) {
+            throw new \InvalidArgumentException("'" . $key .
+                    "' is not a valid sessions-related ini setting.");
+        }
         return $this;
     }
 

src/SaveHandler/Cache.php

@@ -86,7 +86,7 @@ public function close()
      */
     public function read($id)
     {
-        return $this->getCacheStorge()->getItem($id);
+        return $this->getCacheStorage()->getItem($id);
     }
 
     /**
@@ -98,7 +98,7 @@ public function read($id)
      */
     public function write($id, $data)
     {
-        return $this->getCacheStorge()->setItem($id, $data);
+        return $this->getCacheStorage()->setItem($id, $data);
     }
 
     /**
@@ -109,7 +109,7 @@ public function write($id, $data)
      */
     public function destroy($id)
     {
-        return $this->getCacheStorge()->removeItem($id);
+        return $this->getCacheStorage()->removeItem($id);
     }
 
     /**
@@ -120,7 +120,7 @@ public function destroy($id)
      */
     public function gc($maxlifetime)
     {
-        $cache = $this->getCacheStorge();
+        $cache = $this->getCacheStorage();
         if ($cache instanceof ClearExpiredCacheStorage) {
             return $cache->clearExpired();
         }
@@ -140,12 +140,20 @@ public function setCacheStorage(CacheStorage $cacheStorage)
     }
 
     /**
-     * Get Cache Storage Adapter Object
+     * Get cache storage
      *
      * @return CacheStorage
      */
-    public function getCacheStorge()
+    public function getCacheStorage()
     {
         return $this->cacheStorage;
     }
+
+    /**
+     * @deprecated Misspelled method - use getCacheStorage() instead
+     */
+    public function getCacheStorge()
+    {
+        return $this->getCacheStorage();
+    }
 }

src/SessionManager.php

@@ -319,7 +319,7 @@ public function getValidatorChain()
     public function isValid()
     {
         $validator = $this->getValidatorChain();
-        $responses = $validator->triggerUntil('session.validate', $this, array($this), function($test) {
+        $responses = $validator->triggerUntil('session.validate', $this, array($this), function ($test) {
             return !$test;
         });
         if ($responses->stopped()) {

src/Validator/RemoteAddr.php

@@ -10,6 +10,7 @@
 
 namespace Zend\Session\Validator;
 
+use Zend\Http\PhpEnvironment\RemoteAddress;
 use Zend\Session\Validator\ValidatorInterface as SessionValidator;
 
 /**
@@ -38,6 +39,20 @@ class RemoteAddr implements SessionValidator
      */
     protected static $useProxy = false;
 
+    /**
+     * List of trusted proxy IP addresses
+     *
+     * @var array
+     */
+    protected static $trustedProxies = array();
+
+    /**
+     * HTTP header to introspect for proxies
+     *
+     * @var string
+     */
+    protected static $proxyHeader = 'HTTP_X_FORWARDED_FOR';
+
     /**
      * Constructor
      * get the current user IP and store it in the session as 'valid data'
@@ -85,33 +100,40 @@ public static function getUseProxy()
         return static::$useProxy;
     }
 
+    /**
+     * Set list of trusted proxy addresses
+     *
+     * @param  array $trustedProxies
+     * @return void
+     */
+    public static function setTrustedProxies(array $trustedProxies)
+    {
+        static::$trustedProxies = $trustedProxies;
+    }
+
+    /**
+     * Set the header to introspect for proxy IPs
+     *
+     * @param  string $header
+     * @return void
+     */
+    public static function setProxyHeader($header = 'X-Forwarded-For')
+    {
+        static::$proxyHeader = $header;
+    }
+
     /**
      * Returns client IP address.
      *
      * @return string IP address.
      */
     protected function getIpAddress()
     {
-        if (static::$useProxy) {
-            // proxy IP address
-            if (isset($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP']) {
-                $ips = explode(',', $_SERVER['HTTP_CLIENT_IP']);
-                return trim($ips[0]);
-            }
-
-            // proxy IP address
-            if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR']) {
-                $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
-                return trim($ips[0]);
-            }
-        }
-
-        // direct IP address
-        if (isset($_SERVER['REMOTE_ADDR'])) {
-            return $_SERVER['REMOTE_ADDR'];
-        }
-
-        return '';
+        $remoteAddress = new RemoteAddress();
+        $remoteAddress->setUseProxy(static::$useProxy);
+        $remoteAddress->setTrustedProxies(static::$trustedProxies);
+        $remoteAddress->setProxyHeader(static::$proxyHeader);
+        return $remoteAddress->getIpAddress();
     }
 
     /**

test/Config/SessionConfigTest.php

@@ -729,6 +729,42 @@ public function testRememberMeSecondsIsMutable()
         $this->assertEquals(604800, $this->config->getRememberMeSeconds());
     }
 
+    // setOption
+
+    /**
+     * @dataProvider optionsProvider
+     */
+    public function testSetOptionSetsIniSetting($option, $getter, $value)
+    {
+        // Leaving out special cases.
+        if ($option != 'remember_me_seconds' && $option != 'url_rewriter_tags') {
+            $this->config->setStorageOption($option, $value);
+            $this->assertEquals(ini_get('session.' . $option), $value);
+        }
+    }
+
+    public function testSetOptionUrlRewriterTagsGetsMunged()
+    {
+        $value = 'a=href';
+        $this->config->setStorageOption('url_rewriter_tags', $value);
+        $this->assertEquals(ini_get('url_rewriter.tags'), $value);
+    }
+
+    public function testSetOptionRememberMeSecondsDoesNothing()
+    {
+        // I have no idea how to test this.
+    }
+
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    public function testSetOptionsThrowsExceptionOnInvalidKey()
+    {
+        $badKey = 'snarfblat';
+        $value = 'foobar';
+        $this->config->setStorageOption($badKey, $value);
+    }
+
     // setOptions
 
     /**

test/Validator/RemoteAddrTest.php

@@ -30,11 +30,17 @@ protected function backup()
             $_SERVER['HTTP_X_FORWARDED_FOR'],
             $_SERVER['HTTP_CLIENT_IP']
         );
+        RemoteAddr::setUseProxy(false);
+        RemoteAddr::setTrustedProxies(array());
+        RemoteAddr::setProxyHeader();
     }
 
     protected function restore()
     {
         $_SERVER = $this->backup;
+        RemoteAddr::setUseProxy(false);
+        RemoteAddr::setTrustedProxies(array());
+        RemoteAddr::setProxyHeader();
     }
 
     public function testGetData()
@@ -84,7 +90,6 @@ public function testHttpXForwardedFor()
         $_SERVER['HTTP_X_FORWARDED_FOR'] = '1.1.2.3';
         RemoteAddr::setUseProxy(true);
         $validator = new RemoteAddr();
-        RemoteAddr::setUseProxy(false);
         $this->assertEquals('1.1.2.3', $validator->getData());
         $this->restore();
     }
@@ -97,20 +102,55 @@ public function testHttpClientIp()
         $_SERVER['HTTP_X_FORWARDED_FOR'] = '2.1.2.3';
         RemoteAddr::setUseProxy(true);
         $validator = new RemoteAddr();
-        RemoteAddr::setUseProxy(false);
         $this->assertEquals('2.1.2.3', $validator->getData());
         $this->restore();
     }
 
-    public function testMultipleHttpXForwardedFor()
+    public function testUsesRightMostAddressWhenMultipleHttpXForwardedForAddressesPresent()
     {
         $this->backup();
         $_SERVER['REMOTE_ADDR'] = '0.1.2.3';
         $_SERVER['HTTP_X_FORWARDED_FOR'] = '2.1.2.3, 1.1.2.3';
         RemoteAddr::setUseProxy(true);
         $validator = new RemoteAddr();
-        RemoteAddr::setUseProxy(false);
+        $this->assertEquals('1.1.2.3', $validator->getData());
+        $this->restore();
+    }
+
+    public function testShouldNotUseClientIpHeaderToTestProxyCapabilitiesByDefault()
+    {
+        $this->backup();
+        $_SERVER['REMOTE_ADDR'] = '0.1.2.3';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '2.1.2.3, 1.1.2.3';
+        $_SERVER['HTTP_CLIENT_IP'] = '0.1.2.4';
+        RemoteAddr::setUseProxy(true);
+        $validator = new RemoteAddr();
+        $this->assertEquals('1.1.2.3', $validator->getData());
+        $this->restore();
+    }
+
+    public function testWillOmitTrustedProxyIpsFromXForwardedForMatching()
+    {
+        $this->backup();
+        $_SERVER['REMOTE_ADDR'] = '0.1.2.3';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '2.1.2.3, 1.1.2.3';
+        RemoteAddr::setUseProxy(true);
+        RemoteAddr::setTrustedProxies(array('1.1.2.3'));
+        $validator = new RemoteAddr();
         $this->assertEquals('2.1.2.3', $validator->getData());
         $this->restore();
     }
+
+    public function testCanSpecifyWhichHeaderToUseStatically()
+    {
+        $this->backup();
+        $_SERVER['REMOTE_ADDR'] = '0.1.2.3';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '2.1.2.3, 1.1.2.3';
+        $_SERVER['HTTP_CLIENT_IP'] = '0.1.2.4';
+        RemoteAddr::setUseProxy(true);
+        RemoteAddr::setProxyHeader('Client-Ip');
+        $validator = new RemoteAddr();
+        $this->assertEquals('0.1.2.4', $validator->getData());
+        $this->restore();
+    }
 }