includes/ProxyTools.php

   1 <?php
   2 /**
   3  * Functions for dealing with proxies.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 /**
  24  * Extracts the XFF string from the request header
  25  * Note: headers are spoofable
  26  *
  27  * @deprecated in 1.19; use $wgRequest->getHeader( 'X-Forwarded-For' ) instead.
  28  * @return string
  29  */
  30 function wfGetForwardedFor() {
  31         wfDeprecated( __METHOD__, '1.19' );
  32         global $wgRequest;
  33         return $wgRequest->getHeader( 'X-Forwarded-For' );
  34 }
  35
  36 /**
  37  * Returns the browser/OS data from the request header
  38  * Note: headers are spoofable
  39  *
  40  * @deprecated in 1.18; use $wgRequest->getHeader( 'User-Agent' ) instead.
  41  * @return string
  42  */
  43 function wfGetAgent() {
  44         wfDeprecated( __METHOD__, '1.18' );
  45         global $wgRequest;
  46         return $wgRequest->getHeader( 'User-Agent' );
  47 }
  48
  49 /**
  50  * Work out the IP address based on various globals
  51  * For trusted proxies, use the XFF client IP (first of the chain)
  52  *
  53  * @deprecated in 1.19; call $wgRequest->getIP() directly.
  54  * @return string
  55  */
  56 function wfGetIP() {
  57         wfDeprecated( __METHOD__, '1.19' );
  58         global $wgRequest;
  59         return $wgRequest->getIP();
  60 }
  61
  62 /**
  63  * Checks if an IP is a trusted proxy provider.
  64  * Useful to tell if X-Forwarded-For data is possibly bogus.
  65  * Squid cache servers for the site are whitelisted.
  66  *
  67  * @param $ip String
  68  * @return bool
  69  */
  70 function wfIsTrustedProxy( $ip ) {
  71         $trusted = wfIsConfiguredProxy( $ip );
  72         wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) );
  73         return $trusted;
  74 }
  75
  76 /**
  77  * Checks if an IP matches a proxy we've configured.
  78  * @param $ip String
  79  * @return bool
  80  * @since 1.23 Supports CIDR ranges in $wgSquidServersNoPurge
  81  */
  82 function wfIsConfiguredProxy( $ip ) {
  83         global $wgSquidServers, $wgSquidServersNoPurge;
  84
  85         // quick check of known proxy servers
  86         $trusted = in_array( $ip, $wgSquidServers )
  87                 || in_array( $ip, $wgSquidServersNoPurge );
  88
  89         if ( !$trusted ) {
  90                 // slightly slower check to see if the ip is listed directly or in a CIDR
  91                 // block in $wgSquidServersNoPurge
  92                 foreach ( $wgSquidServersNoPurge as $block ) {
  93                         if ( strpos( $block, '/' ) !== false && IP::isInRange( $ip, $block ) ) {
  94                                 $trusted = true;
  95                                 break;
  96                         }
  97                 }
  98         }
  99         return $trusted;
 100 }