| Index: trunk/phase3/includes/ProxyTools.php |
| — | — | @@ -3,6 +3,12 @@ |
| 4 | 4 | * Functions for dealing with proxies |
| 5 | 5 | */ |
| 6 | 6 | |
| | 7 | +/** |
| | 8 | + * Extracts the XFF string from the request header |
| | 9 | + * Checks first for "X-Forwarded-For", then "Client-ip" |
| | 10 | + * Note: headers are spoofable |
| | 11 | + * @return string |
| | 12 | + */ |
| 7 | 13 | function wfGetForwardedFor() { |
| 8 | 14 | if( function_exists( 'apache_request_headers' ) ) { |
| 9 | 15 | // More reliable than $_SERVER due to case and -/_ folding |
| — | — | @@ -44,6 +50,11 @@ |
| 45 | 51 | return null; |
| 46 | 52 | } |
| 47 | 53 | |
| | 54 | +/** |
| | 55 | + * Returns the browser/OS data from the request header |
| | 56 | + * Note: headers are spoofable |
| | 57 | + * @return string |
| | 58 | + */ |
| 48 | 59 | function wfGetAgent() { |
| 49 | 60 | if( function_exists( 'apache_request_headers' ) ) { |
| 50 | 61 | // More reliable than $_SERVER due to case and -/_ folding |
| — | — | @@ -61,7 +72,11 @@ |
| 62 | 73 | } |
| 63 | 74 | } |
| 64 | 75 | |
| 65 | | -/** Work out the IP address based on various globals */ |
| | 76 | +/** |
| | 77 | + * Work out the IP address based on various globals |
| | 78 | + * For trusted proxies, use the XFF client IP (first of the chain) |
| | 79 | + * @return string |
| | 80 | + */ |
| 66 | 81 | function wfGetIP() { |
| 67 | 82 | global $wgIP; |
| 68 | 83 | |
| — | — | @@ -106,6 +121,13 @@ |
| 107 | 122 | return $ip; |
| 108 | 123 | } |
| 109 | 124 | |
| | 125 | +/** |
| | 126 | + * Checks if an IP is a trusted proxy providor |
| | 127 | + * Useful to tell if X-Fowarded-For data is possibly bogus |
| | 128 | + * Squid cache servers for the site and AOL are whitelisted |
| | 129 | + * @param string $ip |
| | 130 | + * @return bool |
| | 131 | + */ |
| 110 | 132 | function wfIsTrustedProxy( $ip ) { |
| 111 | 133 | global $wgSquidServers, $wgSquidServersNoPurge; |
| 112 | 134 | |
| — | — | @@ -170,6 +192,7 @@ |
| 171 | 193 | |
| 172 | 194 | /** |
| 173 | 195 | * Convert a network specification in CIDR notation to an integer network and a number of bits |
| | 196 | + * @return array(string, int) |
| 174 | 197 | */ |
| 175 | 198 | function wfParseCIDR( $range ) { |
| 176 | 199 | return IP::parseCIDR( $range ); |
| — | — | @@ -177,6 +200,7 @@ |
| 178 | 201 | |
| 179 | 202 | /** |
| 180 | 203 | * Check if an IP address is in the local proxy list |
| | 204 | + * @return bool |
| 181 | 205 | */ |
| 182 | 206 | function wfIsLocallyBlockedProxy( $ip ) { |
| 183 | 207 | global $wgProxyList; |
| — | — | @@ -209,6 +233,7 @@ |
| 210 | 234 | /** |
| 211 | 235 | * TODO: move this list to the database in a global IP info table incorporating |
| 212 | 236 | * trusted ISP proxies, blocked IP addresses and open proxies. |
| | 237 | + * @return bool |
| 213 | 238 | */ |
| 214 | 239 | function wfIsAOLProxy( $ip ) { |
| 215 | 240 | $ranges = array( |