includes/ProxyTools.php

   1 <?php
   2 /**
   3  * Functions for dealing with proxies
   4  *
   5  * @file
   6  */
   7
   8 /**
   9  * Extracts the XFF string from the request header
  10  * Note: headers are spoofable
  11  *
  12  * @deprecated in 1.19; use $wgRequest->getHeader( 'X-Forwarded-For' ) instead.
  13  * @return string
  14  */
  15 function wfGetForwardedFor() {
  16         wfDeprecated( __METHOD__, '1.19' );
  17         global $wgRequest;
  18         return $wgRequest->getHeader( 'X-Forwarded-For' );
  19 }
  20
  21 /**
  22  * Returns the browser/OS data from the request header
  23  * Note: headers are spoofable
  24  *
  25  * @deprecated in 1.18; use $wgRequest->getHeader( 'User-Agent' ) instead.
  26  * @return string
  27  */
  28 function wfGetAgent() {
  29         wfDeprecated( __METHOD__, '1.18' );
  30         global $wgRequest;
  31         return $wgRequest->getHeader( 'User-Agent' );
  32 }
  33
  34 /**
  35  * Work out the IP address based on various globals
  36  * For trusted proxies, use the XFF client IP (first of the chain)
  37  *
  38  * @deprecated in 1.19; call $wgRequest->getIP() directly.
  39  * @return string
  40  */
  41 function wfGetIP() {
  42         wfDeprecated( __METHOD__, '1.19' );
  43         global $wgRequest;
  44         return $wgRequest->getIP();
  45 }
  46
  47 /**
  48  * Checks if an IP is a trusted proxy providor.
  49  * Useful to tell if X-Fowarded-For data is possibly bogus.
  50  * Squid cache servers for the site are whitelisted.
  51  *
  52  * @param $ip String
  53  * @return bool
  54  */
  55 function wfIsTrustedProxy( $ip ) {
  56         $trusted = wfIsConfiguredProxy( $ip );
  57         wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) );
  58         return $trusted;
  59 }
  60
  61 /**
  62  * Checks if an IP matches a proxy we've configured.
  63  * @param $ip String
  64  * @return bool
  65  */
  66 function wfIsConfiguredProxy( $ip ) {
  67         global $wgSquidServers, $wgSquidServersNoPurge;
  68         $trusted = in_array( $ip, $wgSquidServers ) ||
  69                 in_array( $ip, $wgSquidServersNoPurge );
  70         return $trusted;
  71 }
  72
  73 /**
  74  * Forks processes to scan the originating IP for an open proxy server
  75  * MemCached can be used to skip IPs that have already been scanned
  76  */
  77 function wfProxyCheck() {
  78         global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
  79         global $wgMemc, $wgProxyMemcExpiry, $wgRequest;
  80         global $wgProxyKey;
  81
  82         if ( !$wgBlockOpenProxies ) {
  83                 return;
  84         }
  85
  86         $ip = $wgRequest->getIP();
  87
  88         # Get MemCached key
  89         $mcKey = wfMemcKey( 'proxy', 'ip', $ip );
  90         $mcValue = $wgMemc->get( $mcKey );
  91         $skip = (bool)$mcValue;
  92
  93         # Fork the processes
  94         if ( !$skip ) {
  95                 $title = SpecialPage::getTitleFor( 'Blockme' );
  96                 $iphash = md5( $ip . $wgProxyKey );
  97                 $url = wfExpandUrl( $title->getFullURL( 'ip='.$iphash ), PROTO_HTTP );
  98
  99                 foreach ( $wgProxyPorts as $port ) {
 100                         $params = implode( ' ', array(
 101                                                 escapeshellarg( $wgProxyScriptPath ),
 102                                                 escapeshellarg( $ip ),
 103                                                 escapeshellarg( $port ),
 104                                                 escapeshellarg( $url )
 105                                                 ));
 106                         exec( "php $params >" . wfGetNull() . " 2>&1 &" );
 107                 }
 108                 # Set MemCached key
 109                 $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
 110         }
 111 }