exception metadata to JSON and logs it to the 'exception-json' log group.
This makes MediaWiki easier to integrate with log aggregation and analysis
tools.
+* $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
+ Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
+ addresses that should be trusted to provide X-Forwarded-For headers.
=== New features in 1.23 ===
* ResourceLoader can utilize the Web Storage API to cache modules client-side.
/**
* As above, except these servers aren't purged on page changes; use to set a
- * list of trusted proxies, etc.
+ * list of trusted proxies, etc. Supports both individual IP addresses and
+ * CIDR blocks.
*/
$wgSquidServersNoPurge = array();
*/
function wfIsConfiguredProxy( $ip ) {
global $wgSquidServers, $wgSquidServersNoPurge;
- $trusted = in_array( $ip, $wgSquidServers ) ||
- in_array( $ip, $wgSquidServersNoPurge );
+
+ // quick check of known proxy servers
+ $trusted = in_array( $ip, $wgSquidServers );
+
+ if ( !$trusted ) {
+ // slightly slower check to see if the ip is listed directly or in a CIDR
+ // block in $wgSquidServersNoPurge
+ foreach ( $wgSquidServersNoPurge as $block ) {
+ if ( IP::isInRange( $ip, $block ) ) {
+ $trusted = true;
+ break;
+ }
+ }
+ }
return $trusted;
}
false,
'With X-Forwaded-For and private IP and hook (disallowed)'
),
+ array(
+ '12.0.0.1',
+ array(
+ 'REMOTE_ADDR' => 'abcd:0001:002:03:4:555:6666:7777',
+ 'HTTP_X_FORWARDED_FOR' => '12.0.0.1, abcd:0001:002:03:4:555:6666:7777',
+ ),
+ array( 'ABCD:1:2:3::/64' ),
+ array(),
+ false,
+ 'IPv6 CIDR'
+ ),
+ array(
+ '12.0.0.3',
+ array(
+ 'REMOTE_ADDR' => '12.0.0.1',
+ 'HTTP_X_FORWARDED_FOR' => '12.0.0.3, 12.0.0.2'
+ ),
+ array( '12.0.0.0/24' ),
+ array(),
+ false,
+ 'IPv4 CIDR'
+ ),
);
}
* @covers WebRequest::getIP
*/
public function testGetIpLackOfRemoteAddrThrowAnException() {
+ // ensure that local install state doesn't interfere with test
+ $this->setMwGlobals( array(
+ 'wgSquidServersNoPurge' => array(),
+ 'wgSquidServers' => array(),
+ 'wgUsePrivateIPs' => false,
+ 'wgHooks' => array(),
+ ) );
+
$request = new WebRequest();
# Next call throw an exception about lacking an IP
$request->getIP();