From bfe9356a07202899c59e5d3243d3faaf71646ed9 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Thu, 13 Apr 2006 01:03:30 +0000
Subject: [PATCH] * Reject malformed addresses in X-Forwarded-For entries
---
 RELEASE-NOTES | 1 +
 includes/ProxyTools.php | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 059961d1ff..d5eec3e745 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -60,6 +60,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms for all) magic words
 * (bug 5403) Fix Special:Newpages RSS/Atom feeds
+* Reject malformed addresses in X-Forwarded-For entries
 == Compatibility ==
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index 7b8e144dee..bed79c1003 100644
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -103,6 +103,12 @@ function wfIsIPPublic( $ip ) {
 if ( !$n ) {
 return false;
 }
+
+ // ip2long accepts incomplete addresses, as well as some addresses
+ // followed by garbage characters. Check that it's really valid.
+ if( $ip != long2ip( $n ) ) {
+ return false;
+ }
 static $privateRanges = false;
 if ( !$privateRanges ) {
--
2.20.1
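Review bot: The added round-trip test in wfIsIPPublic compares with loose `!=`; both operands are expected to be strings, so `if ( $ip !== long2ip( $n ) ) {` states the intent exactly and keeps PHP's type juggling out of an address-validation path. The check also rejects any non-canonical spelling that ip2long would otherwise accept, which presumably includes zero-padded octets and entries with surrounding whitespace, so the comment should add that callers must trim each X-Forwarded-For entry before calling; whether the caller already does so is not visible here. The function starts above the hunk and continues past it, so how `$n` is derived and how the private ranges are applied could not be checked.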