return $_GET;
}
+ /**
+ * Return the contents of the Query with no decoding. Use when you need to
+ * know exactly what was sent, e.g. for an OAuth signature over the elements.
+ *
+ * @return String
+ */
+ public function getRawQueryString() {
+ return $_SERVER['QUERY_STRING'];
+ }
+
+ /**
+ * Return the contents of the POST with no decoding. Use when you need to
+ * know exactly what was sent, e.g. for an OAuth signature over the elements.
+ *
+ * @return String
+ */
+ public function getRawPostString() {
+ if ( !$this->wasPosted() ) {
+ return '';
+ }
+ return $this->getRawInput();
+ }
+
+ /**
+ * Return the raw request body, with no processing. Cached since some methods
+ * disallow reading the stream more than once. As stated in the php docs, this
+ * does not work with enctype="multipart/form-data".
+ *
+ * @return String
+ */
+ public function getRawInput() {
+ static $input = false;
+ if ( $input === false ) {
+ $input = file_get_contents( 'php://input' );
+ }
+ return $input;
+ }
+
/**
* Get the HTTP method used for this request.
*
return;
}
- if ( function_exists( 'apache_request_headers' ) ) {
- foreach ( apache_request_headers() as $tempName => $tempValue ) {
+ $apacheHeaders = function_exists( 'apache_request_headers' ) ? apache_request_headers() : false;
+ if ( $apacheHeaders ) {
+ foreach ( $apacheHeaders as $tempName => $tempValue ) {
$this->headers[strtoupper( $tempName )] = $tempValue;
}
} else {
array_unshift( $ipchain, $ip );
}
- # Step through XFF list and find the last address in the list which is a trusted server
- # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
+ # Step through XFF list and find the last address in the list which is a
+ # trusted server. Set $ip to the IP address given by that trusted server,
+ # unless the address is not sensible (e.g. private). However, prefer private
+ # IP addresses over proxy servers controlled by this site (more sensible).
foreach ( $ipchain as $i => $curIP ) {
- $curIP = IP::canonicalize( $curIP );
- if ( wfIsTrustedProxy( $curIP ) ) {
- if ( isset( $ipchain[$i + 1] ) ) {
- if ( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1] ) ) {
- $ip = $ipchain[$i + 1];
- }
+ $curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
+ if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
+ if ( wfIsConfiguredProxy( $curIP ) || // bug 48919
+ ( IP::isPublic( $ipchain[$i + 1] ) || $wgUsePrivateIPs )
+ ) {
+ $ip = IP::canonicalize( $ipchain[$i + 1] );
+ continue;
}
- } else {
- break;
}
+ break;
}
}
}
/**
- * @param $name
+ * @param string $name The name of the header to get (case insensitive).
* @return bool|string
*/
public function getHeader( $name ) {
+ $name = strtoupper( $name );
return isset( $this->headers[$name] ) ? $this->headers[$name] : false;
}
* @param $val string
*/
public function setHeader( $name, $val ) {
+ $name = strtoupper( $name );
$this->headers[$name] = $val;
}
return false;
}
+ /**
+ * FauxRequests shouldn't depend on raw request data (but that could be implemented here)
+ * @return String
+ */
+ public function getRawQueryString() {
+ return '';
+ }
+
+ /**
+ * FauxRequests shouldn't depend on raw request data (but that could be implemented here)
+ * @return String
+ */
+ public function getRawPostString() {
+ return '';
+ }
+
+ /**
+ * FauxRequests shouldn't depend on raw request data (but that could be implemented here)
+ * @return String
+ */
+ public function getRawInput() {
+ return '';
+ }
+
/**
* @param array $extWhitelist
* @return bool