* defaults if not given. The limit must be positive and is capped at 5000.
* Offset must be positive but is not capped.
*
- * @param $deflimit Integer: limit to use if no input and the user hasn't set the option.
+ * @param int $deflimit limit to use if no input and the user hasn't set the option.
* @param string $optionname to specify an option other than rclimit to pull from.
+ * @param int $hardlimit the maximum upper limit to allow, usually 5000
* @return array first element is limit, second is offset
*/
- public function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) {
+ public function getLimitOffset( $deflimit = 50, $optionname = 'rclimit', $hardlimit = 5000 ) {
global $wgUser;
$limit = $this->getInt( 'limit', 0 );
if ( $limit <= 0 ) {
$limit = $deflimit;
}
- if ( $limit > 5000 ) {
- $limit = 5000; # We have *some* limits...
+ if ( $limit > $hardlimit ) {
+ $limit = $hardlimit; # We have *some* limits...
}
$offset = $this->getInt( 'offset', 0 );
return $file->getTempName();
}
- /**
- * Return the size of the upload, or 0.
- *
- * @deprecated since 1.17
- * @param $key String:
- * @return integer
- */
- public function getFileSize( $key ) {
- wfDeprecated( __METHOD__, '1.17' );
- $file = new WebRequestUpload( $this, $key );
- return $file->getSize();
- }
-
/**
* Return the upload error or 0
*
return true;
}
- /**
- * Returns true if the PATH_INFO ends with an extension other than a script
- * extension. This could confuse IE for scripts that send arbitrary data which
- * is not HTML but may be detected as such.
- *
- * Various past attempts to use the URL to make this check have generally
- * run up against the fact that CGI does not provide a standard method to
- * determine the URL. PATH_INFO may be mangled (e.g. if cgi.fix_pathinfo=0),
- * but only by prefixing it with the script name and maybe some other stuff,
- * the extension is not mangled. So this should be a reasonably portable
- * way to perform this security check.
- *
- * Also checks for anything that looks like a file extension at the end of
- * QUERY_STRING, since IE 6 and earlier will use this to get the file type
- * if there was no dot before the question mark (bug 28235).
- *
- * @deprecated Use checkUrlExtension().
- *
- * @param $extWhitelist array
- *
- * @return bool
- */
- public function isPathInfoBad( $extWhitelist = array() ) {
- wfDeprecated( __METHOD__, '1.17' );
- global $wgScriptExtension;
- $extWhitelist[] = ltrim( $wgScriptExtension, '.' );
- return IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist );
- }
-
/**
* Parse the Accept-Language header sent by the client into an array
* @return array array( languageCode => q-value ) sorted by q-value in descending order then
# unless the address is not sensible (e.g. private). However, prefer private
# IP addresses over proxy servers controlled by this site (more sensible).
foreach ( $ipchain as $i => $curIP ) {
+ // ignore 'unknown' value from Squid when 'forwarded_for off' and try next
+ if ( $curIP === 'unknown' ) {
+ continue;
+ }
$curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane
return $this->session;
}
- /**
- * @param array $extWhitelist
- * @return bool
- */
- public function isPathInfoBad( $extWhitelist = array() ) {
- return false;
- }
-
/**
* FauxRequests shouldn't depend on raw request data (but that could be implemented here)
* @return String
dépôts / lhc / web / wiklou.git / blobdiff