dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Don't cache when a call could autocreate
[lhc/web/wiklou.git] / includes / ProxyTools.php
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index bf1c405..a0f9e5f 100644 (file)
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -77,10 +77,24 @@ function wfIsTrustedProxy( $ip ) {
  * Checks if an IP matches a proxy we've configured.
  * @param $ip String
  * @return bool
+ * @since 1.23 Supports CIDR ranges in $wgSquidServersNoPurge
  */
 function wfIsConfiguredProxy( $ip ) {
        global $wgSquidServers, $wgSquidServersNoPurge;
-       $trusted = in_array( $ip, $wgSquidServers ) ||
-               in_array( $ip, $wgSquidServersNoPurge );
+
+       // quick check of known proxy servers
+       $trusted = in_array( $ip, $wgSquidServers )
+               || in_array( $ip, $wgSquidServersNoPurge );
+
+       if ( !$trusted ) {
+               // slightly slower check to see if the ip is listed directly or in a CIDR
+               // block in $wgSquidServersNoPurge
+               foreach ( $wgSquidServersNoPurge as $block ) {
+                       if ( strpos( $block, '/' ) !== false && IP::isInRange( $ip, $block ) ) {
+                               $trusted = true;
+                               break;
+                       }
+               }
+       }
        return $trusted;
 }
Wiklou, le Wiki du Wiklou