X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FProxyTools.php;h=5719e3e8d6a179bcd3b5c50055f11af7bf2e42fe;hb=2b9139e9ebb426c712c44288bf46c37344407a11;hp=534ebbc164149b76574d17323dabf63cd20a2398;hpb=79d5225c0e864482269e2315f47b899697681e52;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index 534ebbc164..5719e3e8d6 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -1,6 +1,7 @@ $curIP ) { $curIP = IP::canonicalize( $curIP ); if ( wfIsTrustedProxy( $curIP ) ) { - if ( isset( $ipchain[$i + 1] ) && IP::isPublic( $ipchain[$i + 1] ) ) { - $ip = $ipchain[$i + 1]; + if ( isset( $ipchain[$i + 1] ) ) { + if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { + $ip = $ipchain[$i + 1]; + } } } else { break; } } + if( !$ip ) { + throw new MWException( "Unable to determine IP" ); + } + wfDebug( "IP: $ip\n" ); $wgIP = $ip; return $ip; @@ -113,15 +124,14 @@ function wfGetIP() { * Checks if an IP is a trusted proxy providor * Useful to tell if X-Fowarded-For data is possibly bogus * Squid cache servers for the site and AOL are whitelisted - * @param string $ip + * @param $ip String * @return bool */ function wfIsTrustedProxy( $ip ) { global $wgSquidServers, $wgSquidServersNoPurge; if ( in_array( $ip, $wgSquidServers ) || - in_array( $ip, $wgSquidServersNoPurge ) || - wfIsAOLProxy( $ip ) + in_array( $ip, $wgSquidServersNoPurge ) ) { $trusted = true; } else { @@ -164,7 +174,7 @@ function wfProxyCheck() { escapeshellarg( $port ), escapeshellarg( $url ) )); - exec( "php $params &>/dev/null &" ); + exec( "php $params >" . wfGetNull() . " 2>&1 &" ); } # Set MemCached key $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry ); @@ -185,12 +195,11 @@ function wfParseCIDR( $range ) { */ function wfIsLocallyBlockedProxy( $ip ) { global $wgProxyList; - $fname = 'wfIsLocallyBlockedProxy'; if ( !$wgProxyList ) { return false; } - wfProfileIn( $fname ); + wfProfileIn( __METHOD__ ); if ( !is_array( $wgProxyList ) ) { # Load from the specified file @@ -207,53 +216,7 @@ function wfIsLocallyBlockedProxy( $ip ) { } else { $ret = false; } - wfProfileOut( $fname ); + wfProfileOut( __METHOD__ ); return $ret; } -/** - * TODO: move this list to the database in a global IP info table incorporating - * trusted ISP proxies, blocked IP addresses and open proxies. - * @return bool - */ -function wfIsAOLProxy( $ip ) { - $ranges = array( - '64.12.96.0/19', - '149.174.160.0/20', - '152.163.240.0/21', - '152.163.248.0/22', - '152.163.252.0/23', - '152.163.96.0/22', - '152.163.100.0/23', - '195.93.32.0/22', - '195.93.48.0/22', - '195.93.64.0/19', - '195.93.96.0/19', - '195.93.16.0/20', - '198.81.0.0/22', - '198.81.16.0/20', - '198.81.8.0/23', - '202.67.64.128/25', - '205.188.192.0/20', - '205.188.208.0/23', - '205.188.112.0/20', - '205.188.146.144/30', - '207.200.112.0/21', - ); - - static $parsedRanges; - if ( is_null( $parsedRanges ) ) { - $parsedRanges = array(); - foreach ( $ranges as $range ) { - $parsedRanges[] = IP::parseRange( $range ); - } - } - - $hex = IP::toHex( $ip ); - foreach ( $parsedRanges as $range ) { - if ( $hex >= $range[0] && $hex <= $range[1] ) { - return true; - } - } - return false; -}