* Reject malformed addresses in X-Forwarded-For entries

author Brion Vibber <brion@users.mediawiki.org>

Thu, 13 Apr 2006 01:03:30 +0000 (01:03 +0000)

committer Brion Vibber <brion@users.mediawiki.org>

Thu, 13 Apr 2006 01:03:30 +0000 (01:03 +0000)
author Brion Vibber <brion@users.mediawiki.org>
Thu, 13 Apr 2006 01:03:30 +0000 (01:03 +0000)
committer Brion Vibber <brion@users.mediawiki.org>
Thu, 13 Apr 2006 01:03:30 +0000 (01:03 +0000)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES

index 059961d..d5eec3e 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -60,6 +60,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
  * Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms for all)
    magic words
  * (bug 5403) Fix Special:Newpages RSS/Atom feeds
+* Reject malformed addresses in X-Forwarded-For entries
  
  
  == Compatibility ==
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php

index 7b8e144..bed79c1 100644 (file)
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -103,6 +103,12 @@ function wfIsIPPublic( $ip ) {
         if ( !$n ) {
                 return false;
         }
+       
+       // ip2long accepts incomplete addresses, as well as some addresses
+       // followed by garbage characters. Check that it's really valid.
+       if( $ip != long2ip( $n ) ) {
+               return false;
+       }
  
         static $privateRanges = false;
         if ( !$privateRanges ) {
author	Brion Vibber <brion@users.mediawiki.org>
	Thu, 13 Apr 2006 01:03:30 +0000 (01:03 +0000)
committer	Brion Vibber <brion@users.mediawiki.org>
	Thu, 13 Apr 2006 01:03:30 +0000 (01:03 +0000)
RELEASE-NOTES		patch \| blob \| history
includes/ProxyTools.php		patch \| blob \| history