authorAlex Pott2014-11-21 09:31:37 (GMT)
committerAlex Pott2014-11-21 09:31:37 (GMT)
commit62ee12bbff072ffb211d4dea670f2765c7c926cb (patch)
tree9389b40385e87cba2d2fc159182235e44a80987f /core/authorize.php
parentb61edd72e77a63fe3ee029941119b3bc82ffe860 (diff)
Issue #2304949 by mpdonadio, cilefen, znerol, klausi, gaurav.goyal, regilero: Port HTTP Host header DoS fix from SA-CORE-2014-003
Diffstat (limited to 'core/authorize.php')
-rw-r--r--core/authorize.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/core/authorize.php b/core/authorize.php
index 231ad8d..fe4b7d0 100644
--- a/core/authorize.php
+++ b/core/authorize.php
@@ -22,6 +22,7 @@
use Drupal\Core\DrupalKernel;
use Drupal\Core\Url;
+use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Drupal\Core\Site\Settings;
@@ -54,9 +55,16 @@ function authorize_access_allowed() {
return Settings::get('allow_authorize_operations', TRUE) && \Drupal::currentUser()->hasPermission('administer software updates');
}
-$request = Request::createFromGlobals();
-$kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod');
-$kernel->prepareLegacyRequest($request);
+try {
+ $request = Request::createFromGlobals();
+ $kernel = DrupalKernel::createFromRequest($request, $autoloader, 'prod');
+ $kernel->prepareLegacyRequest($request);
+}
+catch (HttpExceptionInterface $e) {
+ $response = new Response('', $e->getStatusCode());
+ $response->prepare($request)->send();
+ exit;
+}
// We have to enable the user and system modules, even to check access and
// display errors via the maintenance theme.
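Review bot: The catch block calls `$response->prepare($request)` with a `$request` that is only assigned inside the `try`, so if an `HttpExceptionInterface` were ever raised before that assignment completes, the error handler itself would fail on an undefined variable instead of returning the status code. Moving `$request = Request::createFromGlobals();` above the `try` keeps the rejection path independent of where the exception originates. The response is also built without the exception's headers, so anything the exception carries is dropped; `new Response('', $e->getStatusCode(), $e->getHeaders())` would preserve them. A short comment above the `try`, such as `// Requests rejected during kernel boot (per the commit title, a malformed Host header) get a bare response with the exception's status code.`, would record why this script exits early. Whether the rejection is logged anywhere is not visible in this hunk, and that is worth confirming so that repeated bad-Host requests show up in monitoring.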