X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FProxyTools.php;h=13c199654d606c9943179d0eaf5d56d47341449b;hb=1920363bde7d0199913d008ab0a7d796389ad5d1;hp=4c60caae22d89ed8b141a9bb93fa46a3944e33ab;hpb=087a9f70c5c152b72dc6c539cf64e334a0f2d029;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index 4c60caae22..13c199654d 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -1,6 +1,7 @@ $curIP ) { $curIP = IP::canonicalize( $curIP ); if ( wfIsTrustedProxy( $curIP ) ) { - if ( isset( $ipchain[$i + 1] ) && IP::isPublic( $ipchain[$i + 1] ) ) { - $ip = $ipchain[$i + 1]; + if ( isset( $ipchain[$i + 1] ) ) { + if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { + $ip = $ipchain[$i + 1]; + } } } else { break; } } + # Allow extensions to improve our guess + wfRunHooks( 'GetIP', array( &$ip ) ); + + if( !$ip ) { + throw new MWException( "Unable to determine IP" ); + } + wfDebug( "IP: $ip\n" ); - $wgIP = $ip; return $ip; } @@ -114,15 +127,14 @@ function wfGetIP() { * Checks if an IP is a trusted proxy providor * Useful to tell if X-Fowarded-For data is possibly bogus * Squid cache servers for the site and AOL are whitelisted - * @param string $ip + * @param $ip String * @return bool */ function wfIsTrustedProxy( $ip ) { global $wgSquidServers, $wgSquidServersNoPurge; if ( in_array( $ip, $wgSquidServers ) || - in_array( $ip, $wgSquidServersNoPurge ) || - wfIsAOLProxy( $ip ) + in_array( $ip, $wgSquidServersNoPurge ) ) { $trusted = true; } else { @@ -165,7 +177,7 @@ function wfProxyCheck() { escapeshellarg( $port ), escapeshellarg( $url ) )); - exec( "php $params &>/dev/null &" ); + exec( "php $params >" . wfGetNull() . " 2>&1 &" ); } # Set MemCached key $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry ); @@ -174,9 +186,12 @@ function wfProxyCheck() { /** * Convert a network specification in CIDR notation to an integer network and a number of bits + * + * @deprecated Call IP::parseCIDR() directly, will be removed in 1.19 * @return array(string, int) */ function wfParseCIDR( $range ) { + wfDeprecated( __FUNCTION__ ); return IP::parseCIDR( $range ); } @@ -186,12 +201,11 @@ function wfParseCIDR( $range ) { */ function wfIsLocallyBlockedProxy( $ip ) { global $wgProxyList; - $fname = 'wfIsLocallyBlockedProxy'; if ( !$wgProxyList ) { return false; } - wfProfileIn( $fname ); + wfProfileIn( __METHOD__ ); if ( !is_array( $wgProxyList ) ) { # Load from the specified file @@ -208,53 +222,7 @@ function wfIsLocallyBlockedProxy( $ip ) { } else { $ret = false; } - wfProfileOut( $fname ); + wfProfileOut( __METHOD__ ); return $ret; } -/** - * TODO: move this list to the database in a global IP info table incorporating - * trusted ISP proxies, blocked IP addresses and open proxies. - * @return bool - */ -function wfIsAOLProxy( $ip ) { - $ranges = array( - '64.12.96.0/19', - '149.174.160.0/20', - '152.163.240.0/21', - '152.163.248.0/22', - '152.163.252.0/23', - '152.163.96.0/22', - '152.163.100.0/23', - '195.93.32.0/22', - '195.93.48.0/22', - '195.93.64.0/19', - '195.93.96.0/19', - '195.93.16.0/20', - '198.81.0.0/22', - '198.81.16.0/20', - '198.81.8.0/23', - '202.67.64.128/25', - '205.188.192.0/20', - '205.188.208.0/23', - '205.188.112.0/20', - '205.188.146.144/30', - '207.200.112.0/21', - ); - - static $parsedRanges; - if ( is_null( $parsedRanges ) ) { - $parsedRanges = array(); - foreach ( $ranges as $range ) { - $parsedRanges[] = IP::parseRange( $range ); - } - } - - $hex = IP::toHex( $ip ); - foreach ( $parsedRanges as $range ) { - if ( $hex >= $range[0] && $hex <= $range[1] ) { - return true; - } - } - return false; -}