Fix PHP strict standard. Thanks to Siebrand.

[lhc/web/wiklou.git] / includes / ProxyTools.php

diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index aaf2ee1..6585de4 100644 (file)
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -3,6 +3,12 @@
  * Functions for dealing with proxies
  */
 
+/**
+ * Extracts the XFF string from the request header
+ * Checks first for "X-Forwarded-For", then "Client-ip"
+ * Note: headers are spoofable
+ * @return string
+ */
 function wfGetForwardedFor() {
        if( function_exists( 'apache_request_headers' ) ) {
                // More reliable than $_SERVER due to case and -/_ folding
@@ -26,24 +32,10 @@ function wfGetForwardedFor() {
 }
 
 /**
- * Locates the client IP within a given XFF string
- * @param string $xff
+ * Returns the browser/OS data from the request header
+ * Note: headers are spoofable
  * @return string
  */
-function wfGetClientIPfromXFF( $xff ) {
-       if ( !$xff ) return null;
-       $xff = substr( $xff, 0, 511 );
-       // Just look for the first IP match
-       // We might have a mix of IPv4/IPv6
-       if ( preg_match('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|:(:[0-9A-Fa-f]{1,4}){1,7}|[0-9A-Fa-f]{1,4}(:{1,2}[0-9A-Fa-f]{1,4}|::$){1,7}#', $xff, $ip) ) {       
-               // Check if the numbers are valid
-               if ( IP::isIPAddress($ip) )
-                  return $ip;
-       }
-       
-       return null;
-}
-
 function wfGetAgent() {
        if( function_exists( 'apache_request_headers' ) ) {
                // More reliable than $_SERVER due to case and -/_ folding
@@ -61,7 +53,11 @@ function wfGetAgent() {
        }
 }
 
-/** Work out the IP address based on various globals */
+/**
+ * Work out the IP address based on various globals
+ * For trusted proxies, use the XFF client IP (first of the chain)
+ * @return string
+ */
 function wfGetIP() {
        global $wgIP;
 
@@ -106,6 +102,13 @@ function wfGetIP() {
        return $ip;
 }
 
+/**
+ * Checks if an IP is a trusted proxy providor
+ * Useful to tell if X-Fowarded-For data is possibly bogus
+ * Squid cache servers for the site and AOL are whitelisted
+ * @param string $ip
+ * @return bool
+ */
 function wfIsTrustedProxy( $ip ) {
        global $wgSquidServers, $wgSquidServersNoPurge;
 
@@ -170,6 +173,7 @@ function wfProxyCheck() {
 
 /**
  * Convert a network specification in CIDR notation to an integer network and a number of bits
+ * @return array(string, int)
  */
 function wfParseCIDR( $range ) {
        return IP::parseCIDR( $range );
@@ -177,6 +181,7 @@ function wfParseCIDR( $range ) {
 
 /**
  * Check if an IP address is in the local proxy list
+ * @return bool
  */
 function wfIsLocallyBlockedProxy( $ip ) {
        global $wgProxyList;
@@ -209,6 +214,7 @@ function wfIsLocallyBlockedProxy( $ip ) {
 /**
  * TODO: move this list to the database in a global IP info table incorporating
  * trusted ISP proxies, blocked IP addresses and open proxies.
+ * @return bool
  */
 function wfIsAOLProxy( $ip ) {
        $ranges = array(
@@ -254,4 +260,4 @@ function wfIsAOLProxy( $ip ) {
 
 
 
-?>
+