X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FProxyTools.php;h=bc01a6e8c1a5f7198a82501156369679d349fea9;hb=fd03a2922af901d5c12e1039aed84647efd757f6;hp=76b92bffd7d7630963a07fa651fc8b6038174b09;hpb=16842c0b7378cbf8f5a5c97b42dca3bce4f09e21;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index 76b92bffd7..bc01a6e8c1 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -7,127 +7,46 @@ /** * Extracts the XFF string from the request header - * Checks first for "X-Forwarded-For", then "Client-ip" * Note: headers are spoofable + * + * @deprecated in 1.19; use $wgRequest->getHeader( 'X-Forwarded-For' ) instead. * @return string */ function wfGetForwardedFor() { - $apacheHeaders = function_exists( 'apache_request_headers' ) ? apache_request_headers() : null; - if( is_array( $apacheHeaders ) ) { - // More reliable than $_SERVER due to case and -/_ folding - $set = array(); - foreach ( $apacheHeaders as $tempName => $tempValue ) { - $set[ strtoupper( $tempName ) ] = $tempValue; - } - $index = strtoupper ( 'X-Forwarded-For' ); - $index2 = strtoupper ( 'Client-ip' ); - } else { - // Subject to spoofing with headers like X_Forwarded_For - $set = $_SERVER; - $index = 'HTTP_X_FORWARDED_FOR'; - $index2 = 'CLIENT-IP'; - } - - #Try a couple of headers - if( isset( $set[$index] ) ) { - return $set[$index]; - } elseif( isset( $set[$index2] ) ) { - return $set[$index2]; - } else { - return null; - } + global $wgRequest; + return $wgRequest->getHeader( 'X-Forwarded-For' ); } /** * Returns the browser/OS data from the request header * Note: headers are spoofable * - * @deprecated in 1.19; use $wgRequest->getHeader( 'User-Agent' ) instead. + * @deprecated in 1.18; use $wgRequest->getHeader( 'User-Agent' ) instead. * @return string */ function wfGetAgent() { wfDeprecated( __FUNCTION__ ); - if( function_exists( 'apache_request_headers' ) ) { - // More reliable than $_SERVER due to case and -/_ folding - $set = array(); - foreach ( apache_request_headers() as $tempName => $tempValue ) { - $set[ strtoupper( $tempName ) ] = $tempValue; - } - $index = strtoupper ( 'User-Agent' ); - } else { - // Subject to spoofing with headers like X_Forwarded_For - $set = $_SERVER; - $index = 'HTTP_USER_AGENT'; - } - if( isset( $set[$index] ) ) { - return $set[$index]; - } else { - return ''; - } + global $wgRequest; + return $wgRequest->getHeader( 'User-Agent' ); } /** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) + * + * @deprecated in 1.19; call $wgRequest->getIP() directly. * @return string */ function wfGetIP() { - global $wgUsePrivateIPs, $wgCommandLineMode; - static $ip = false; - - # Return cached result - if ( !empty( $ip ) ) { - return $ip; - } - - /* collect the originating ips */ - # Client connecting to this webserver - if ( isset( $_SERVER['REMOTE_ADDR'] ) ) { - $ip = IP::canonicalize( $_SERVER['REMOTE_ADDR'] ); - } elseif( $wgCommandLineMode ) { - $ip = '127.0.0.1'; - } - - # Append XFF - $forwardedFor = wfGetForwardedFor(); - if ( $forwardedFor !== null ) { - $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) ); - $ipchain = array_reverse( $ipchain ); - if ( $ip ) { - array_unshift( $ipchain, $ip ); - } - - # Step through XFF list and find the last address in the list which is a trusted server - # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) - foreach ( $ipchain as $i => $curIP ) { - $curIP = IP::canonicalize( $curIP ); - if ( wfIsTrustedProxy( $curIP ) ) { - if ( isset( $ipchain[$i + 1] ) ) { - if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { - $ip = $ipchain[$i + 1]; - } - } - } else { - break; - } - } - } - - # Allow extensions to improve our guess - wfRunHooks( 'GetIP', array( &$ip ) ); - - if( !$ip ) { - throw new MWException( "Unable to determine IP" ); - } - - wfDebug( "IP: $ip\n" ); - return $ip; + global $wgRequest; + return $wgRequest->getIP(); } /** - * Checks if an IP is a trusted proxy providor - * Useful to tell if X-Fowarded-For data is possibly bogus - * Squid cache servers for the site and AOL are whitelisted + * Checks if an IP is a trusted proxy providor. + * Useful to tell if X-Fowarded-For data is possibly bogus. + * Squid cache servers for the site are whitelisted. + * * @param $ip String * @return bool */ @@ -146,14 +65,14 @@ function wfIsTrustedProxy( $ip ) { */ function wfProxyCheck() { global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath; - global $wgMemc, $wgProxyMemcExpiry; + global $wgMemc, $wgProxyMemcExpiry, $wgRequest; global $wgProxyKey; if ( !$wgBlockOpenProxies ) { return; } - $ip = wfGetIP(); + $ip = $wgRequest->getIP(); # Get MemCached key $mcKey = wfMemcKey( 'proxy', 'ip', $ip ); @@ -164,7 +83,7 @@ function wfProxyCheck() { if ( !$skip ) { $title = SpecialPage::getTitleFor( 'Blockme' ); $iphash = md5( $ip . $wgProxyKey ); - $url = $title->getFullURL( 'ip='.$iphash ); + $url = wfExpandUrl( $title->getFullURL( 'ip='.$iphash ), PROTO_HTTP ); foreach ( $wgProxyPorts as $port ) { $params = implode( ' ', array( @@ -179,35 +98,3 @@ function wfProxyCheck() { $wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry ); } } - -/** - * Check if an IP address is in the local proxy list - * @return bool - */ -function wfIsLocallyBlockedProxy( $ip ) { - global $wgProxyList; - - if ( !$wgProxyList ) { - return false; - } - wfProfileIn( __METHOD__ ); - - if ( !is_array( $wgProxyList ) ) { - # Load from the specified file - $wgProxyList = array_map( 'trim', file( $wgProxyList ) ); - } - - if ( !is_array( $wgProxyList ) ) { - $ret = false; - } elseif ( array_search( $ip, $wgProxyList ) !== false ) { - $ret = true; - } elseif ( array_key_exists( $ip, $wgProxyList ) ) { - # Old-style flipped proxy list - $ret = true; - } else { - $ret = false; - } - wfProfileOut( __METHOD__ ); - return $ret; -} -