Merge branch '4.1' into 4.2

* 4.1:
  [Security\Http] detect bad redirect targets using backslashes
  [Form] Filter file uploads out of regular form types
  Fix CI
  minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
  [travis] fix composer.lock invalidation for PRs patching several components
  [travis] fix composer.lock invalidation for deps=low
  minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
  [travis] ignore ordering when validating composer.lock files for deps=low
  minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
  fix ci
  [travis] fix requiring mongodb/mongodb before composer up
  minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
  [2.7] Make CI green
  updated VERSION for 2.7.49
  updated CHANGELOG for 2.7.49
  [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
  [HttpFoundation] Remove support for legacy and risky HTTP headers
  updated VERSION for 2.7.48
  update CONTRIBUTORS for 2.7.48
  updated CHANGELOG for 2.7.48

Author: nicolas-grekas

Http/HttpUtils.php

@@ -62,10 +62,10 @@ public function __construct(UrlGeneratorInterface $urlGenerator = null, $urlMatc
      */
     public function createRedirectResponse(Request $request, $path, $status = 302)
     {
-        if (null !== $this->secureDomainRegexp && 'https' === $this->urlMatcher->getContext()->getScheme() && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->secureDomainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
+        if (null !== $this->secureDomainRegexp && 'https' === $this->urlMatcher->getContext()->getScheme() && preg_match('#^https?:[/\\\\]{2,}+[^/]++#i', $path, $host) && !preg_match(sprintf($this->secureDomainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
             $path = '/';
         }
-        if (null !== $this->domainRegexp && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
+        if (null !== $this->domainRegexp && preg_match('#^https?:[/\\\\]{2,}+[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
             $path = '/';
         }
 

Http/Tests/HttpUtilsTest.php

@@ -54,14 +54,28 @@ public function testCreateRedirectResponseWithRequestsDomain()
         $this->assertTrue($response->isRedirect('http://localhost/blog'));
     }
 
-    public function testCreateRedirectResponseWithBadRequestsDomain()
+    /**
+     * @dataProvider badRequestDomainUrls
+     */
+    public function testCreateRedirectResponseWithBadRequestsDomain($url)
     {
         $utils = new HttpUtils($this->getUrlGenerator(), null, '#^https?://%s$#i');
-        $response = $utils->createRedirectResponse($this->getRequest(), 'http://pirate.net/foo');
+        $response = $utils->createRedirectResponse($this->getRequest(), $url);
 
         $this->assertTrue($response->isRedirect('http://localhost/'));
     }
 
+    public function badRequestDomainUrls()
+    {
+        return array(
+            array('http://pirate.net/foo'),
+            array('http:\\\\pirate.net/foo'),
+            array('http:/\\pirate.net/foo'),
+            array('http:\\/pirate.net/foo'),
+            array('http://////pirate.net/foo'),
+        );
+    }
+
     public function testCreateRedirectResponseWithProtocolRelativeTarget()
     {
         $utils = new HttpUtils($this->getUrlGenerator(), null, '#^https?://%s$#i');