r89407 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r89406‎ | r89407 | r89408 >
Date:10:55, 3 June 2011
Author:ialex
Status:ok (Comments)
Tags:
Comment:
Don't execute the loop if there's no X-Forwarded-For header, also don't use isset() to check only for null
Modified paths:
  • /trunk/phase3/includes/ProxyTools.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/ProxyTools.php
@@ -80,8 +80,6 @@
8181 return $ip;
8282 }
8383
84 - $ipchain = array();
85 -
8684 /* collect the originating ips */
8785 # Client connecting to this webserver
8886 if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
@@ -89,30 +87,29 @@
9088 } elseif( $wgCommandLineMode ) {
9189 $ip = '127.0.0.1';
9290 }
93 - if( $ip ) {
94 - $ipchain[] = $ip;
95 - }
9691
97 - # Append XFF on to $ipchain
 92+ # Append XFF
9893 $forwardedFor = wfGetForwardedFor();
99 - if ( isset( $forwardedFor ) ) {
100 - $xff = array_map( 'trim', explode( ',', $forwardedFor ) );
101 - $xff = array_reverse( $xff );
102 - $ipchain = array_merge( $ipchain, $xff );
103 - }
 94+ if ( $forwardedFor !== null ) {
 95+ $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) );
 96+ $ipchain = array_reverse( $ipchain );
 97+ if ( $ip ) {
 98+ array_unshift( $ipchain, $ip );
 99+ }
104100
105 - # Step through XFF list and find the last address in the list which is a trusted server
106 - # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
107 - foreach ( $ipchain as $i => $curIP ) {
108 - $curIP = IP::canonicalize( $curIP );
109 - if ( wfIsTrustedProxy( $curIP ) ) {
110 - if ( isset( $ipchain[$i + 1] ) ) {
111 - if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) {
112 - $ip = $ipchain[$i + 1];
 101+ # Step through XFF list and find the last address in the list which is a trusted server
 102+ # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
 103+ foreach ( $ipchain as $i => $curIP ) {
 104+ $curIP = IP::canonicalize( $curIP );
 105+ if ( wfIsTrustedProxy( $curIP ) ) {
 106+ if ( isset( $ipchain[$i + 1] ) ) {
 107+ if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) {
 108+ $ip = $ipchain[$i + 1];
 109+ }
113110 }
 111+ } else {
 112+ break;
114113 }
115 - } else {
116 - break;
117114 }
118115 }
119116

Follow-up revisions

RevisionCommit summaryAuthorDate
r94558Tests for wfGetIP() follow up r89407...hashar20:16, 15 August 2011
r94638Tests for wfGetIP() follow up r89407...hashar14:15, 16 August 2011

Comments

#Comment by Brion VIBBER (talk | contribs)   22:15, 3 June 2011

If refactoring, can you go ahead and add some unit test cases? This always helps to build confidence that the modified code works correctly (though it looks ok offhand).

#Comment by IAlex (talk | contribs)   20:45, 7 June 2011

The problem is that $ip is declared as static, meaning that the entire code can be executed only once, and it is not possible to reset it without throwing an exception using the GetIP hook. Should we move this to a class, e.g. WebRequest since it's heavily request-dependant, and so we would be able to run it more than once?

#Comment by Brion VIBBER (talk | contribs)   20:51, 7 June 2011

You would at least need to provide a way to set that context for the tests, yes. Preferably test with *as few changes as possible* before considering any larger refactoring. Also beware of adding dependencies, as some of this code gets run early on in the framework setup.

#Comment by Hashar (talk | contribs)   15:12, 16 August 2011

IAlex, with r94638 you can now reset the $ip static by using wfGetIP( 'reset' );

#Comment by IAlex (talk | contribs)   20:52, 18 August 2011

Tests added in r94932.

Status & tagging log