r96368 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r96367‎ \| r96368 \| r96369 >
Date:	20:33, 6 September 2011
Author:	ialex
Status:	ok
Tags:
Comment:	* Call $wgRequest->getHeader( 'X-Forwarded-For' ) instead of wfGetForwardedFor(), the latter is deprecated * Merged CheckUserHooks::XFFChainIsSquid() into CheckUserHooks::getClientIPfromXFF() and changed the second item to be the value returned by XFFChainIsSquid() since $trusted was not used anywhere
Modified paths:	/trunk/extensions/CheckUser/CheckUser.hooks.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CheckUser/CheckUser.hooks.php
—	—	@@ -12,10 +12,8 @@
13	13	// Get IP
14	14	$ip = wfGetIP();
15	15	// Get XFF header
16		~~- $xff = wfGetForwardedFor();~~
17		~~- list( $xff_ip, $trusted ) = self::getClientIPfromXFF( $xff );~~
18		~~- // Our squid XFFs can flood this up sometimes~~
19		~~- $isSquidOnly = self::XFFChainIsSquid( $xff );~~
	16	+ $xff = $wgRequest->getHeader( 'X-Forwarded-For' );
	17	+ list( $xff_ip, $isSquidOnly ) = self::getClientIPfromXFF( $xff );
20	18	// Get agent
21	19	$agent = $wgRequest->getHeader( 'User-Agent' );
22	20	// Store the log action text for log events
—	—	@@ -78,10 +76,8 @@
79	77	global $wgRequest;
80	78
81	79	// Get XFF header
82		~~- $xff = wfGetForwardedFor();~~
83		~~- list( $xff_ip, $trusted ) = self::getClientIPfromXFF( $xff );~~
84		~~- // Our squid XFFs can flood this up sometimes~~
85		~~- $isSquidOnly = self::XFFChainIsSquid( $xff );~~
	80	+ $xff = $wgRequest->getHeader( 'X-Forwarded-For' );
	81	+ list( $xff_ip, $isSquidOnly ) = self::getClientIPfromXFF( $xff );
86	82	// Get agent
87	83	$agent = $wgRequest->getHeader( 'User-Agent' );
88	84	$dbw = wfGetDB( DB_MASTER );
—	—	@@ -125,10 +121,8 @@
126	122	// Get IP
127	123	$ip = wfGetIP();
128	124	// Get XFF header
129		~~- $xff = wfGetForwardedFor();~~
130		~~- list( $xff_ip, $trusted ) = self::getClientIPfromXFF( $xff );~~
131		~~- // Our squid XFFs can flood this up sometimes~~
132		~~- $isSquidOnly = self::XFFChainIsSquid( $xff );~~
	125	+ $xff = $wgRequest->getHeader( 'X-Forwarded-For' );
	126	+ list( $xff_ip, $isSquidOnly ) = self::getClientIPfromXFF( $xff );
133	127	// Get agent
134	128	$agent = $wgRequest->getHeader( 'User-Agent' );
135	129	$dbw = wfGetDB( DB_MASTER );
—	—	@@ -180,10 +174,8 @@
181	175	// Get IP
182	176	$ip = wfGetIP();
183	177	// Get XFF header
184		~~- $xff = wfGetForwardedFor();~~
185		~~- list( $xff_ip, $trusted ) = self::getClientIPfromXFF( $xff );~~
186		~~- // Our squid XFFs can flood this up sometimes~~
187		~~- $isSquidOnly = self::XFFChainIsSquid( $xff );~~
	178	+ $xff = $wgRequest->getHeader( 'X-Forwarded-For' );
	179	+ list( $xff_ip, $isSquidOnly ) = self::getClientIPfromXFF( $xff );
188	180	// Get agent
189	181	$agent = $wgRequest->getHeader( 'User-Agent' );
190	182	$dbw = wfGetDB( DB_MASTER );
—	—	@@ -228,16 +220,19 @@
229	221	/**
230	222	* Locates the client IP within a given XFF string
231	223	* @param string $xff
232		~~- * @param string $address, the ip that sent this header (optional)~~
233	224	* @return array( string, bool )
234	225	*/
235		~~- public static function getClientIPfromXFF( $xff, $address = null ) {~~
	226	+ public static function getClientIPfromXFF( $xff ) {
	227	+ global $wgSquidServers, $wgSquidServersNoPurge;
	228	+
236	229	if ( !$xff ) {
237	230	return array( null, false );
238	231	}
	232	+
239	233	// Avoid annoyingly long xff hacks
240	234	$xff = trim( substr( $xff, 0, 255 ) );
241	235	$client = null;
	236	+ $isSquidOnly = true;
242	237	$trusted = true;
243	238	// Check each IP, assuming they are separated by commas
244	239	$ips = explode( ',', $xff );
—	—	@@ -251,51 +246,18 @@
252	247	if ( IP::isPublic( $ip ) ) {
253	248	$client = $ip;
254	249	}
255		~~- # Check that all servers are trusted~~
256		~~- } elseif ( !wfIsTrustedProxy( $ip ) ) {~~
257		~~- $trusted = false;~~
258		~~- break;~~
259		~~- }~~
260		~~- }~~
261		~~- }~~
262		~~- // We still have to test if the IP that sent~~
263		~~- // this header is trusted to confirm results~~
264		~~- if ( $client != $address && ( !$address \|\| !wfIsTrustedProxy( $address ) ) ) {~~
265		~~- $trusted = false;~~
266		~~- }~~
267		-
268		~~- return array( $client, $trusted );~~
269		~~- }~~
270		-
271		~~- public static function XFFChainIsSquid( $xff ) {~~
272		~~- global $wgSquidServers, $wgSquidServersNoPurge;~~
273		-
274		~~- if ( !$xff ) {~~
275		~~- false;~~
276		~~- }~~
277		~~- // Avoid annoyingly long xff hacks~~
278		~~- $xff = trim( substr( $xff, 0, 255 ) );~~
279		~~- $squidOnly = true;~~
280		~~- // Check each IP, assuming they are separated by commas~~
281		~~- $ips = explode( ',', $xff );~~
282		~~- foreach ( $ips as $n => $ip ) {~~
283		~~- $ip = trim( $ip );~~
284		~~- // If it is a valid IP, not a hash or such~~
285		~~- if ( IP::isIPAddress( $ip ) ) {~~
286		~~- if ( $n == 0 ) {~~
287		~~- // The first IP should be the client...~~
288	250	} elseif ( !in_array( $ip, $wgSquidServers )
289	251	&& !in_array( $ip, $wgSquidServersNoPurge ) )
290	252	{
291		~~- $squidOnly = false;~~
	253	+ $isSquidOnly = false;
292	254	break;
293	255	}
294	256	}
295	257	}
296		-
297		~~- return $squidOnly;~~
	258	+
	259	+ return array( $client, $isSquidOnly );
298	260	}
299		-
	261	+
300	262	public static function checkUserSchemaUpdates( DatabaseUpdater $updater ) {
301	263	$base = dirname( __FILE__ );
302	264

Status & tagging log

21:56, 28 September 2011 Aaron Schulz (talk | contribs) changed the status of r96368 [removed: new added: ok]