diff options
| author | Pierre Schmitz <pierre@archlinux.de> | 2011-12-03 13:29:22 +0100 |
|---|---|---|
| committer | Pierre Schmitz <pierre@archlinux.de> | 2011-12-03 13:29:22 +0100 |
| commit | ca32f08966f1b51fcb19460f0996bb0c4048e6fe (patch) | |
| tree | ec04cc15b867bc21eedca904cea9af0254531a11 /includes/ProxyTools.php | |
| parent | a22fbfc60f36f5f7ee10d5ae6fe347340c2ee67c (diff) | |
Update to MediaWiki 1.18.0
* also update ArchLinux skin to chagnes in MonoBook
* Use only css to hide our menu bar when printing
Diffstat (limited to 'includes/ProxyTools.php')
| -rw-r--r-- | includes/ProxyTools.php | 107 |
1 files changed, 30 insertions, 77 deletions
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index 13c19965..99cd65c5 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -12,10 +12,11 @@ * @return string */ function wfGetForwardedFor() { - if( function_exists( 'apache_request_headers' ) ) { + $apacheHeaders = function_exists( 'apache_request_headers' ) ? apache_request_headers() : null; + if( is_array( $apacheHeaders ) ) { // More reliable than $_SERVER due to case and -/_ folding - $set = array (); - foreach ( apache_request_headers() as $tempName => $tempValue ) { + $set = array(); + foreach ( $apacheHeaders as $tempName => $tempValue ) { $set[ strtoupper( $tempName ) ] = $tempValue; } $index = strtoupper ( 'X-Forwarded-For' ); @@ -30,7 +31,7 @@ function wfGetForwardedFor() { #Try a couple of headers if( isset( $set[$index] ) ) { return $set[$index]; - } else if( isset( $set[$index2] ) ) { + } elseif( isset( $set[$index2] ) ) { return $set[$index2]; } else { return null; @@ -40,12 +41,15 @@ function wfGetForwardedFor() { /** * Returns the browser/OS data from the request header * Note: headers are spoofable + * + * @deprecated in 1.18; use $wgRequest->getHeader( 'User-Agent' ) instead. * @return string */ function wfGetAgent() { + wfDeprecated( __FUNCTION__ ); if( function_exists( 'apache_request_headers' ) ) { // More reliable than $_SERVER due to case and -/_ folding - $set = array (); + $set = array(); foreach ( apache_request_headers() as $tempName => $tempValue ) { $set[ strtoupper( $tempName ) ] = $tempValue; } @@ -76,8 +80,6 @@ function wfGetIP() { return $ip; } - $ipchain = array(); - /* collect the originating ips */ # Client connecting to this webserver if ( isset( $_SERVER['REMOTE_ADDR'] ) ) { @@ -85,30 +87,29 @@ function wfGetIP() { } elseif( $wgCommandLineMode ) { $ip = '127.0.0.1'; } - if( $ip ) { - $ipchain[] = $ip; - } - # Append XFF on to $ipchain + # Append XFF $forwardedFor = wfGetForwardedFor(); - if ( isset( $forwardedFor ) ) { - $xff = array_map( 'trim', explode( ',', $forwardedFor ) ); - $xff = array_reverse( $xff ); - $ipchain = array_merge( $ipchain, $xff ); - } + if ( $forwardedFor !== null ) { + $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) ); + $ipchain = array_reverse( $ipchain ); + if ( $ip ) { + array_unshift( $ipchain, $ip ); + } - # Step through XFF list and find the last address in the list which is a trusted server - # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) - foreach ( $ipchain as $i => $curIP ) { - $curIP = IP::canonicalize( $curIP ); - if ( wfIsTrustedProxy( $curIP ) ) { - if ( isset( $ipchain[$i + 1] ) ) { - if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { - $ip = $ipchain[$i + 1]; + # Step through XFF list and find the last address in the list which is a trusted server + # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) + foreach ( $ipchain as $i => $curIP ) { + $curIP = IP::canonicalize( $curIP ); + if ( wfIsTrustedProxy( $curIP ) ) { + if ( isset( $ipchain[$i + 1] ) ) { + if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { + $ip = $ipchain[$i + 1]; + } } + } else { + break; } - } else { - break; } } @@ -133,13 +134,8 @@ function wfGetIP() { function wfIsTrustedProxy( $ip ) { global $wgSquidServers, $wgSquidServersNoPurge; - if ( in_array( $ip, $wgSquidServers ) || - in_array( $ip, $wgSquidServersNoPurge ) - ) { - $trusted = true; - } else { - $trusted = false; - } + $trusted = in_array( $ip, $wgSquidServers ) || + in_array( $ip, $wgSquidServersNoPurge ); wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) ); return $trusted; } @@ -168,7 +164,7 @@ function wfProxyCheck() { if ( !$skip ) { $title = SpecialPage::getTitleFor( 'Blockme' ); $iphash = md5( $ip . $wgProxyKey ); - $url = $title->getFullURL( 'ip='.$iphash ); + $url = wfExpandUrl( $title->getFullURL( 'ip='.$iphash ), PROTO_HTTP ); foreach ( $wgProxyPorts as $port ) { $params = implode( ' ', array( @@ -183,46 +179,3 @@ function wfProxyCheck() { $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry ); } } - -/** - * Convert a network specification in CIDR notation to an integer network and a number of bits - * - * @deprecated Call IP::parseCIDR() directly, will be removed in 1.19 - * @return array(string, int) - */ -function wfParseCIDR( $range ) { - wfDeprecated( __FUNCTION__ ); - return IP::parseCIDR( $range ); -} - -/** - * Check if an IP address is in the local proxy list - * @return bool - */ -function wfIsLocallyBlockedProxy( $ip ) { - global $wgProxyList; - - if ( !$wgProxyList ) { - return false; - } - wfProfileIn( __METHOD__ ); - - if ( !is_array( $wgProxyList ) ) { - # Load from the specified file - $wgProxyList = array_map( 'trim', file( $wgProxyList ) ); - } - - if ( !is_array( $wgProxyList ) ) { - $ret = false; - } elseif ( array_search( $ip, $wgProxyList ) !== false ) { - $ret = true; - } elseif ( array_key_exists( $ip, $wgProxyList ) ) { - # Old-style flipped proxy list - $ret = true; - } else { - $ret = false; - } - wfProfileOut( __METHOD__ ); - return $ret; -} - |