diff options
Diffstat (limited to 'includes/ProxyTools.php')
| -rw-r--r-- | includes/ProxyTools.php | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index 22ea4947..f72b640f 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -1,27 +1,63 @@ <?php /** * Functions for dealing with proxies - * @package MediaWiki */ +/** + * Extracts the XFF string from the request header + * Checks first for "X-Forwarded-For", then "Client-ip" + * Note: headers are spoofable + * @return string + */ function wfGetForwardedFor() { if( function_exists( 'apache_request_headers' ) ) { // More reliable than $_SERVER due to case and -/_ folding $set = apache_request_headers(); $index = 'X-Forwarded-For'; + $index2 = 'Client-ip'; } else { // Subject to spoofing with headers like X_Forwarded_For $set = $_SERVER; $index = 'HTTP_X_FORWARDED_FOR'; + $index2 = 'CLIENT-IP'; } + #Try a couple of headers if( isset( $set[$index] ) ) { return $set[$index]; + } else if( isset( $set[$index2] ) ) { + return $set[$index2]; } else { return null; } } -/** Work out the IP address based on various globals */ +/** + * Returns the browser/OS data from the request header + * Note: headers are spoofable + * @return string + */ +function wfGetAgent() { + if( function_exists( 'apache_request_headers' ) ) { + // More reliable than $_SERVER due to case and -/_ folding + $set = apache_request_headers(); + $index = 'User-Agent'; + } else { + // Subject to spoofing with headers like X_Forwarded_For + $set = $_SERVER; + $index = 'HTTP_USER_AGENT'; + } + if( isset( $set[$index] ) ) { + return $set[$index]; + } else { + return ''; + } +} + +/** + * Work out the IP address based on various globals + * For trusted proxies, use the XFF client IP (first of the chain) + * @return string + */ function wfGetIP() { global $wgIP; @@ -66,6 +102,13 @@ function wfGetIP() { return $ip; } +/** + * Checks if an IP is a trusted proxy providor + * Useful to tell if X-Fowarded-For data is possibly bogus + * Squid cache servers for the site and AOL are whitelisted + * @param string $ip + * @return bool + */ function wfIsTrustedProxy( $ip ) { global $wgSquidServers, $wgSquidServersNoPurge; @@ -130,6 +173,7 @@ function wfProxyCheck() { /** * Convert a network specification in CIDR notation to an integer network and a number of bits + * @return array(string, int) */ function wfParseCIDR( $range ) { return IP::parseCIDR( $range ); @@ -137,6 +181,7 @@ function wfParseCIDR( $range ) { /** * Check if an IP address is in the local proxy list + * @return bool */ function wfIsLocallyBlockedProxy( $ip ) { global $wgProxyList; @@ -169,6 +214,7 @@ function wfIsLocallyBlockedProxy( $ip ) { /** * TODO: move this list to the database in a global IP info table incorporating * trusted ISP proxies, blocked IP addresses and open proxies. + * @return bool */ function wfIsAOLProxy( $ip ) { $ranges = array( |