From: Brion Vibber Date: Thu, 13 Apr 2006 01:03:30 +0000 (+0000) Subject: * Reject malformed addresses in X-Forwarded-For entries X-Git-Tag: 1.31.0-rc.0~57503 X-Git-Url: http://git.cyclocoop.org/%24href?a=commitdiff_plain;h=bfe9356a07202899c59e5d3243d3faaf71646ed9;p=lhc%2Fweb%2Fwiklou.git * Reject malformed addresses in X-Forwarded-For entries --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 059961d1ff..d5eec3e745 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -60,6 +60,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms for all) magic words * (bug 5403) Fix Special:Newpages RSS/Atom feeds +* Reject malformed addresses in X-Forwarded-For entries == Compatibility == diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index 7b8e144dee..bed79c1003 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -103,6 +103,12 @@ function wfIsIPPublic( $ip ) { if ( !$n ) { return false; } + + // ip2long accepts incomplete addresses, as well as some addresses + // followed by garbage characters. Check that it's really valid. + if( $ip != long2ip( $n ) ) { + return false; + } static $privateRanges = false; if ( !$privateRanges ) {
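Review bot: The new round-trip check in wfIsIPPublic compares with loose `!=`. Both operands are strings and long2ip() never yields a numeric string, so it appears to behave correctly, but `if ( $ip !== long2ip( $n ) ) {` states the intent without relying on PHP's loose string comparison, and it matches the `if ( ` spacing of the surrounding lines. Because only the canonical dotted-quad form now passes, an X-Forwarded-For entry that still carries surrounding whitespace or leading zeros makes the function return false. That is the safe direction for a client-supplied header, but the caller (not visible in this hunk) should trim each entry before calling. The function starts and ends outside the hunk; its doc comment could state that it returns false for private ranges and for any string that is not a canonical dotted-quad IPv4 address.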