symfony
diff --git a/‎EventListener/ValidateRequestListener.php
Lines changed: 0 additions & 56 deletions b/‎EventListener/ValidateRequestListener.php
Lines changed: 0 additions & 56 deletions
diff --git a/‎HttpKernel.php
Lines changed: 9 additions & 0 deletions b/‎HttpKernel.php
Lines changed: 9 additions & 0 deletions
diff --git a/‎Tests/EventListener/ValidateRequestListenerTest.php
Lines changed: 0 additions & 67 deletions b/‎Tests/EventListener/ValidateRequestListenerTest.php
Lines changed: 0 additions & 67 deletions
diff --git a/‎Tests/HttpKernelTest.php
Lines changed: 27 additions & 0 deletions b/‎Tests/HttpKernelTest.php
Lines changed: 27 additions & 0 deletions
diff --git a/‎composer.json
Lines changed: 1 addition & 1 deletion b/‎composer.json
Lines changed: 1 addition & 1 deletion
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpKernel;
 
 use Symfony\Component\HttpKernel\Controller\ControllerResolverInterface;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
 use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
@@ -21,6 +22,7 @@
 use Symfony\Component\HttpKernel\Event\GetResponseForControllerResultEvent;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpKernel\Event\PostResponseEvent;
+use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
@@ -113,6 +115,13 @@ public function terminateWithException(\Exception $exception)
      */
     private function handleRaw(Request $request, $type = self::MASTER_REQUEST)
     {
+        if (self::MASTER_REQUEST === $type && $request::getTrustedProxies()) {
+            try {
+                $request->getClientIps();
+            } catch (ConflictingHeadersException $e) {
+                throw new BadRequestHttpException('The request headers contain conflicting information regarding the origin of this request.', $e);
+            }
+        }
         $this->requestStack->push($request);
 
         // request
 
@@ -260,6 +260,33 @@ public function testVerifyRequestStackPushPopDuringHandle()
         $kernel->handle($request, HttpKernelInterface::MASTER_REQUEST);
     }
 
+    /**
+     * @expectedException Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+     */
+    public function testInconsistentClientIpsOnMasterRequests()
+    {
+        $kernel = new HttpKernel(new EventDispatcher(), $this->getResolver());
+        $request = new Request();
+        $request->setTrustedProxies(array('1.1.1.1'));
+        $request->server->set('REMOTE_ADDR', '1.1.1.1');
+        $request->headers->set('FORWARDED', '2.2.2.2');
+        $request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
+
+        $kernel->handle($request, $kernel::MASTER_REQUEST, false);
+    }
+
+    public function testInconsistentClientIpsOnSubRequests()
+    {
+        $kernel = new HttpKernel(new EventDispatcher(), $this->getResolver());
+        $request = new Request();
+        $request->setTrustedProxies(array('1.1.1.1'));
+        $request->server->set('REMOTE_ADDR', '1.1.1.1');
+        $request->headers->set('FORWARDED', '2.2.2.2');
+        $request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
+
+        $this->assertInstanceOf('Symfony\Component\HttpFoundation\Response', $kernel->handle($request, $kernel::SUB_REQUEST, false));
+    }
+
     protected function getResolver($controller = null)
     {
         if (null === $controller) {
 
@@ -18,7 +18,7 @@
     "require": {
         "php": ">=5.5.9",
         "symfony/event-dispatcher": "~2.8|~3.0",
-        "symfony/http-foundation": "~2.8|~3.0",
+        "symfony/http-foundation": "~2.8.8|~3.0.8|~3.1.2|~3.2",
         "symfony/debug": "~2.8|~3.0",
         "psr/log": "~1.0"
     },