From 7394ae9c2740a26b1f080f25c71f1c56c44fa7e1 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Fri, 30 Jan 2015 23:17:51 +0000
Subject: [PATCH] Issue #2416563 by tim.plunkett: Follow-up to "HTTP_HOST
 header cannot be trusted"

---
 core/lib/Drupal/Core/DrupalKernel.php | 12 ++++++------
 sites/example.settings.local.php      | 12 ------------
 2 files changed, 6 insertions(+), 18 deletions(-)

diff --git a/core/lib/Drupal/Core/DrupalKernel.php b/core/lib/Drupal/Core/DrupalKernel.php
index a3ae42d05ace..bc36c15fc087 100644
--- a/core/lib/Drupal/Core/DrupalKernel.php
+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -229,9 +229,9 @@ public static function createFromRequest(Request $request, $class_loader, $envir
 
     // Initialize our list of trusted HTTP Host headers to protect against
     // header attacks.
-    $hostPatterns = Settings::get('trusted_host_patterns', array());
-    if (PHP_SAPI !== 'cli' && !empty($hostPatterns)) {
-      if (static::setupTrustedHosts($request, $hostPatterns) === FALSE) {
+    $host_patterns = Settings::get('trusted_host_patterns', array());
+    if (PHP_SAPI !== 'cli' && !empty($host_patterns)) {
+      if (static::setupTrustedHosts($request, $host_patterns) === FALSE) {
         throw new BadRequestHttpException('The provided host name is not valid for this server.');
       }
     }
@@ -1270,7 +1270,7 @@ public static function validateHostname(Request $request) {
    *
    * @param \Symfony\Component\HttpFoundation\Request $request
    *   The request object.
-   * @param array $hostPatterns
+   * @param array $host_patterns
    *   The array of trusted host patterns.
    *
    * @return boolean
@@ -1278,8 +1278,8 @@ public static function validateHostname(Request $request) {
    *
    * @see https://www.drupal.org/node/1992030
    */
-  protected static function setupTrustedHosts(Request $request, $hostPatterns) {
-    $request->setTrustedHosts($hostPatterns);
+  protected static function setupTrustedHosts(Request $request, $host_patterns) {
+    $request->setTrustedHosts($host_patterns);
 
     // Get the host, which will validate the current request.
     try {
diff --git a/sites/example.settings.local.php b/sites/example.settings.local.php
index 3d5857a306b3..7859fe502195 100644
--- a/sites/example.settings.local.php
+++ b/sites/example.settings.local.php
@@ -55,15 +55,3 @@
  * using these parameters in a request to rebuild.php.
  */
 $settings['rebuild_access'] = TRUE;
-
-/**
- * Trust localhost.
- *
- * This will configure several common hostnames used for local development to
- * be trusted hosts.
- */
-$settings['trusted_host_patterns'] = array(
-  '^localhost$',
-  '^localhost\.*',
-  '\.local$',
-);
-- 
GitLab