* Checks if an IP matches a proxy we've configured.
* @param $ip String
* @return bool
+ * @since 1.23 Supports CIDR ranges in $wgSquidServersNoPurge
*/
function wfIsConfiguredProxy( $ip ) {
global $wgSquidServers, $wgSquidServersNoPurge;
- $trusted = in_array( $ip, $wgSquidServers ) ||
- in_array( $ip, $wgSquidServersNoPurge );
- return $trusted;
-}
-
-/**
- * Forks processes to scan the originating IP for an open proxy server
- * MemCached can be used to skip IPs that have already been scanned
- */
-function wfProxyCheck() {
- global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
- global $wgMemc, $wgProxyMemcExpiry, $wgRequest;
- global $wgProxyKey;
- if ( !$wgBlockOpenProxies ) {
- return;
- }
-
- $ip = $wgRequest->getIP();
-
- # Get MemCached key
- $mcKey = wfMemcKey( 'proxy', 'ip', $ip );
- $mcValue = $wgMemc->get( $mcKey );
- $skip = (bool)$mcValue;
+ // quick check of known proxy servers
+ $trusted = in_array( $ip, $wgSquidServers )
+ || in_array( $ip, $wgSquidServersNoPurge );
- # Fork the processes
- if ( !$skip ) {
- $title = SpecialPage::getTitleFor( 'Blockme' );
- $iphash = md5( $ip . $wgProxyKey );
- $url = wfExpandUrl( $title->getFullURL( 'ip=' . $iphash ), PROTO_HTTP );
-
- foreach ( $wgProxyPorts as $port ) {
- $params = implode( ' ', array(
- escapeshellarg( $wgProxyScriptPath ),
- escapeshellarg( $ip ),
- escapeshellarg( $port ),
- escapeshellarg( $url )
- ));
- exec( "php $params >" . wfGetNull() . " 2>&1 &" );
+ if ( !$trusted ) {
+ // slightly slower check to see if the ip is listed directly or in a CIDR
+ // block in $wgSquidServersNoPurge
+ foreach ( $wgSquidServersNoPurge as $block ) {
+ if ( strpos( $block, '/' ) !== false && IP::isInRange( $ip, $block ) ) {
+ $trusted = true;
+ break;
+ }
}
- # Set MemCached key
- $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
}
+ return $trusted;
}
dépôts / lhc / web / wiklou.git / blobdiff