From bda7e863efb6c2bac1ce7b8a5bf7a7b1bfea251a Mon Sep 17 00:00:00 2001
From: umherirrender <umherirrender_de.wp@web.de>
Date: Mon, 27 Jan 2014 21:00:21 +0100
Subject: [PATCH] Ignore 'unknown' in XFF

Can come from Squid
http://www.squid-cache.org/Doc/config/forwarded_for/

Bug: 57467
Change-Id: I3fd3170d31a1aff2e748302c30dd6e364ed3bdcd
---
 includes/WebRequest.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index b42564c5ed..a52894de96 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1128,6 +1128,10 @@ HTML;
 			# unless the address is not sensible (e.g. private). However, prefer private
 			# IP addresses over proxy servers controlled by this site (more sensible).
 			foreach ( $ipchain as $i => $curIP ) {
+				// ignore 'unknown' value from Squid when 'forwarded_for off' and try next
+				if ( $curIP === 'unknown' ) {
+					continue;
+				}
 				$curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
 				if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
 					if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane
-- 
2.20.1