X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FWebRequest.php;h=4ad7344f3711cb2552bd34c551770732b8cdd0fe;hb=fd26d27c094cc962d59a7477afdc1c232f13eb2c;hp=80881c977c0660986ec732afb2264aa6b5312e4b;hpb=75da5baa3f353a326edaf9ee4e0bbaed097f725a;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 80881c977c..4ad7344f37 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -50,6 +50,12 @@ class WebRequest {
 */
 private $ip;
+ /**
+ * Cached URL protocol
+ * @var string
+ */
+ private $protocol;
+
 public function __construct() {
 /// @todo FIXME: This preemptive de-quoting can interfere with other web libraries
 /// and increases our memory footprint. It would be cleaner to do on
@@ -160,7 +166,8 @@ class WebRequest {
 * @return string
 */
 public static function detectServer() {
- list( $proto, $stdPort ) = self::detectProtocolAndStdPort();
+ $proto = self::detectProtocol();
+ $stdPort = $proto === 'https' ? 443 : 80;
 $varNames = array( 'HTTP_HOST', 'SERVER_NAME', 'HOSTNAME', 'SERVER_ADDR' );
 $host = 'localhost';
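Review bot: The new `$protocol` property in the first hunk is declared `private` on WebRequest, yet the FauxRequest hunks further down assign and read `$this->protocol` from the subclass. Unless FauxRequest declares its own `$protocol` outside the lines shown, those accesses do not reach the parent's private slot; PHP creates a separate dynamic property on the object, so `WebRequest::getProtocol()` and `FauxRequest::getProtocol()` would cache into different storage. Declaring it `protected $protocol;` keeps a single cached value across the class hierarchy.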
@@ -189,25 +196,32 @@ class WebRequest {
 }
 /**
+ * Detect the protocol from $_SERVER.
+ * This is for use prior to Setup.php, when no WebRequest object is available.
+ * At other times, use the non-static function getProtocol().
+ *
 * @return array
 */
- public static function detectProtocolAndStdPort() {
+ public static function detectProtocol() {
 if ( ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) || ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) ) {
- $arr = array( 'https', 443 );
+ return 'https';
 } else {
- $arr = array( 'http', 80 );
+ return 'http';
 }
 return $arr;
 }
 /**
+ * Get the current URL protocol (http or https)
 * @return string
 */
- public static function detectProtocol() {
- list( $proto, ) = self::detectProtocolAndStdPort();
- return $proto;
+ public function getProtocol() {
+ if ( $this->protocol === null ) {
+ $this->protocol = self::detectProtocol();
+ }
+ return $this->protocol;
 }
 /**
@@ -466,6 +480,20 @@ class WebRequest {
 : null;
 }
+ /**
+ * Fetch a floating point value from the input or return $default if not set.
+ * Guaranteed to return a float; non-numeric input will typically
+ * return 0.
+ *
+ * @since 1.23
+ * @param $name String
+ * @param $default Float
+ * @return Float
+ */
+ public function getFloat( $name, $default = 0 ) {
+ return floatval( $this->getVal( $name, $default ) );
+ }
+
 /**
 * Fetch a boolean value from the input or return $default if not set.
 * Guaranteed to return true or false, with normal PHP semantics for
@@ -881,8 +909,9 @@ class WebRequest {
 return;
 }
- if ( function_exists( 'apache_request_headers' ) ) {
- foreach ( apache_request_headers() as $tempName => $tempValue ) {
+ $apacheHeaders = function_exists( 'apache_request_headers' ) ? apache_request_headers() : false;
+ if ( $apacheHeaders ) {
+ foreach ( $apacheHeaders as $tempName => $tempValue ) {
 $this->headers[strtoupper( $tempName )] = $tempValue;
 }
 } else {
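Review bot: `detectProtocol()` now returns a string, but its docblock still says `@return array`, and the `return $arr;` after the if/else is left behind, unreachable and naming a variable that no longer exists; change the tag to `@return string` and drop that line. Separately, the unchanged condition accepts `HTTP_X_FORWARDED_PROTO` from any client, and `getProtocol()` now caches that answer for the request. A docblock caveat such as `Note: X-Forwarded-Proto is client-supplied unless a trusted proxy overwrites it; do not base security decisions on this value alone` would tell callers what the result is worth.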
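Review bot: The docblock on `getFloat()` understates what `floatval()` accepts: a string with a numeric prefix (an illustrative `12abc`) parses to 12, and an oversized exponent parses to `INF`, so "non-numeric input will typically return 0" does not tell callers what they still have to validate. Extend the comment with something like `Callers using the result as a bound or in arithmetic should check is_finite() and the expected range.` What `getVal()` returns for array-valued parameters is not visible in this hunk, so that case is worth a sentence as well once confirmed.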
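Review bot: The reason for routing `apache_request_headers()` through `$apacheHeaders` is not stated at the changed lines. A short comment such as `// apache_request_headers() can return false; use the fallback branch in that case` would keep a later cleanup from folding the call back into the `foreach`. Note that an empty array also takes the `else` path now; that branch continues outside the hunk, so whether this is intended cannot be confirmed from here.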
@@ -1141,12 +1170,19 @@ HTML;
 # unless the address is not sensible (e.g. private). However, prefer private
 # IP addresses over proxy servers controlled by this site (more sensible).
 foreach ( $ipchain as $i => $curIP ) {
- $curIP = IP::canonicalize( $curIP );
+ $curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
 if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
- if ( wfIsConfiguredProxy( $curIP ) || // bug 48919
- ( IP::isPublic( $ipchain[$i + 1] ) || $wgUsePrivateIPs )
+ if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane
+ IP::isPublic( $ipchain[$i + 1] ) ||
+ $wgUsePrivateIPs
 ) {
- $ip = IP::canonicalize( $ipchain[$i + 1] );
+ $nextIP = IP::canonicalize( $ipchain[$i + 1] );
+ if ( !$nextIP && wfIsConfiguredProxy( $ip ) ) {
+ // We have not yet made it past CDN/proxy servers of this site,
+ // so either they are misconfigured or there is some IP spoofing.
+ throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
+ }
+ $ip = $nextIP;
 continue;
 }
 }
@@ -1158,7 +1194,7 @@ HTML;
 wfRunHooks( 'GetIP', array( &$ip ) );
 if ( !$ip ) {
- throw new MWException( "Unable to determine IP" );
+ throw new MWException( "Unable to determine IP." );
 }
 wfDebug( "IP: $ip\n" );
@@ -1304,9 +1340,10 @@ class FauxRequest extends WebRequest {
 * fake GET/POST values
 * @param bool $wasPosted whether to treat the data as POST
 * @param $session Mixed: session array or null
+ * @param string $protocol 'http' or 'https'
 * @throws MWException
 */
- public function __construct( $data = array(), $wasPosted = false, $session = null ) {
+ public function __construct( $data = array(), $wasPosted = false, $session = null, $protocol = 'http' ) {
 if ( is_array( $data ) ) {
 $this->data = $data;
 } else {
@@ -1316,6 +1353,7 @@ class FauxRequest extends WebRequest {
 if ( $session ) {
 $this->session = $session;
 }
+ $this->protocol = $protocol;
 }
 /**
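Review bot: In the XFF loop hunk, the new guard calls `wfIsConfiguredProxy( $ip )` while the enclosing condition tests `wfIsConfiguredProxy( $curIP )`, and only `$curIP` has been passed through `IP::sanitizeIP()`. The two variables appear to describe the same hop, so the checks can disagree whenever the sanitized and unsanitized forms differ; `if ( !$nextIP && wfIsConfiguredProxy( $curIP ) ) {` keeps them consistent. When the hop is trusted but not configured, `$ip = $nextIP;` still replaces the last valid address with the invalid one, which presumably ends in the generic "Unable to determine IP." error; a one-line comment saying that is intended would help. The exception message also interpolates the raw `$forwardedFor` header, so confirm that wherever MWException text is rendered or logged escapes it. The loop and the definition of `$forwardedFor` sit outside the hunk.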
@@ -1377,6 +1415,10 @@ class FauxRequest extends WebRequest {
 $this->notImplemented( __METHOD__ );
 }
+ public function getProtocol() {
+ return $this->protocol;
+ }
+
 /**
 * @param string $name The name of the header to get (case insensitive).
 * @return bool|string
@@ -1516,4 +1558,8 @@ class DerivativeRequest extends FauxRequest {
 public function getIP() {
 return $this->base->getIP();
 }
+
+ public function getProtocol() {
+ return $this->base->getProtocol();
+ }
 }