From: Anders Wegge Jakobsen Date: Fri, 7 Mar 2008 22:12:34 +0000 (+0000) Subject: Fix for 13281: Normalize header names as per RFC 2616 X-Git-Tag: 1.31.0-rc.0~49208 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/supprimer.php?a=commitdiff_plain;h=65f73d8439e42ccbca0eae00d6748cae8ca5849b;p=lhc%2Fweb%2Fwiklou.git Fix for 13281: Normalize header names as per RFC 2616 --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 88273715ac..af1c54c5b8 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -75,6 +75,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 13273) "Categories:" message at the bottom of the page shouldn't have hardcoded colon, use new 'colon-separator' message instead * Parse MediaWiki message translations with a correct language setting on preview +* (bug 13281) Treat X-Forwarde-For, Client-ip and User-Agent headers as + case-insensitive names. === API changes in 1.13 === diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php index cdaafbe677..270edb1d28 100644 --- a/includes/ProxyTools.php +++ b/includes/ProxyTools.php @@ -12,15 +12,19 @@ function wfGetForwardedFor() { if( function_exists( 'apache_request_headers' ) ) { // More reliable than $_SERVER due to case and -/_ folding - $set = apache_request_headers(); - $index = 'X-Forwarded-For'; - $index2 = 'Client-ip'; + $set = array (); + foreach ( apache_request_headers() as $tempName => $tempValue ) { + $set[ strtoupper( $tempName ) ] = $tempValue; + } + $index = strtoupper ( 'X-Forwarded-For' ); + $index2 = strtoupper ( 'Client-ip' ); } else { // Subject to spoofing with headers like X_Forwarded_For $set = $_SERVER; $index = 'HTTP_X_FORWARDED_FOR'; $index2 = 'CLIENT-IP'; } + #Try a couple of headers if( isset( $set[$index] ) ) { return $set[$index]; @@ -39,8 +43,11 @@ function wfGetForwardedFor() { function wfGetAgent() { if( function_exists( 'apache_request_headers' ) ) { // More reliable than $_SERVER due to case and -/_ folding - $set = apache_request_headers(); - $index = 'User-Agent'; + $set = array (); + foreach ( apache_request_headers() as $tempName => $tempValue ) { + $set[ strtoupper( $tempName ) ] = $tempValue; + } + $index = strtoupper ( 'User-Agent' ); } else { // Subject to spoofing with headers like X_Forwarded_For $set = $_SERVER;