From: Chad Horohoe
Date: Tue, 19 Jul 2016 15:20:43 +0000 (-0700)
Subject: Remove support for getenv('http_proxy') in MediaWiki
X-Git-Tag: 1.31.0-rc.0~6346
X-Git-Url: http://git.cyclocoop.org/%7B%7B%20url_for%28%27admin_vote_del%27%2C%20idvote=vote.voteid%29%20%7D%7D?a=commitdiff_plain;h=425ee18e3b7d874d56d7644e4683171796aae024;p=lhc%2Fweb%2Fwiklou.git

Remove support for getenv('http_proxy') in MediaWiki

PHP (and other programming languages) is vulnerable to an exploit when making external requests via a proxy when a client provides a Proxy header. See https://httpoxy.org/ for more information.

MediaWiki now requires $wgHTTPProxy to be set when attempting to use a proxy for requests and can no longer rely on http_proxy environment variables. As it exists, this code is inherently unsafe on case-insensitive platforms (e.g. Windows) and hard to be sure of for other platforms.

All users using a proxy for MediaWiki and *not* setting $wgHTTPProxy are advised to do so immediately to mitigate this problem. This will be required as of the next security release.

All extensions maintained in Git/Gerrit appear to be Doing The Right Thing and not trying to use getenv('http_proxy') directly. This would be a bad thing to start doing. Call Http::getProxy() if you need to manually get a proxy from MW for external requests.

Bug: T140658
Change-Id: I122583ad98d867c5855c3e2f955fe47787668589
---
diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index ff8e0386b6..831ad58345 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -6,6 +6,9 @@ MediaWiki 1.28 is an alpha-quality branch and is not recommended for use in production. === Configuration changes in 1.28 === +* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests + made by MediaWiki via a proxy. Relying on the http_proxy environment + variable is no longer supported. * The load.php entry point now enforces the existing policy of not allowing access to session data, which includes the session user and the session user's language. If such access is attempted, an exception will be thrown. diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php index b12f49f0b0..694bbb5fd7 100644 --- a/includes/HttpFunctions.php +++ b/includes/HttpFunctions.php @@ -194,7 +194,7 @@ class Http { } /** - * Gets the relevant proxy from $wgHTTPProxy/http_proxy (when set). + * Gets the relevant proxy from $wgHTTPProxy * * @return mixed The proxy address or an empty string if not set. */ @@ -205,11 +205,6 @@ class Http { return $wgHTTPProxy; } - $envHttpProxy = getenv( "http_proxy" ); - if ( $envHttpProxy ) { - return $envHttpProxy; - } - return ""; } } @@ -393,7 +388,7 @@ class MWHttpRequest { return; } - // Otherwise, fallback to $wgHTTPProxy/http_proxy (when set) if this is not a machine + // Otherwise, fallback to $wgHTTPProxy if this is not a machine // local URL and proxies are not disabled if ( Http::isLocalURL( $this->url ) || $this->noProxy ) { $this->proxy = '';
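Review bot: the new BREAKING CHANGE entry in the RELEASE-NOTES-1.28 hunk states the requirement but not the reason, so an administrator skimming the notes has no cue that this is security hardening rather than a configuration cleanup; suggest appending the reference from the commit message, e.g. `variable is no longer supported (httpoxy, see https://httpoxy.org/; T140658).`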
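Review bot: the docblock hunk in includes/HttpFunctions.php updates the description but leaves `@return mixed`; with the environment fallback removed, getProxy() returns either `$wgHTTPProxy` or `""`, so consider whether `mixed` can now be narrowed to `@return string` (keep `mixed` only if `$wgHTTPProxy` is documented as accepting non-string values).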
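Review bot: in the getenv removal hunk of Http::getProxy(), an install that still relies on http_proxy now silently gets `return "";`, so its external requests will start failing with nothing pointing at the cause, even though the commit message says $wgHTTPProxy will become mandatory in the next security release; suggest emitting a debug-log line on the empty-string path (e.g. `wfDebugLog( 'http', '$wgHTTPProxy not set; http_proxy is no longer consulted' );`) so migrating sites can find the reason in their logs. Dropping the getenv() call entirely, rather than filtering it, is the right fix here: on case-insensitive platforms the CGI-populated HTTP_PROXY from a client-supplied Proxy header is indistinguishable from the operator's http_proxy.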
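Review bot: the MWHttpRequest hunk is comment-only and correctly drops the http_proxy mention; as a style point, "fallback" is the noun and the verb form is "fall back", so `// Otherwise, fall back to $wgHTTPProxy if this is not a machine` reads better. The guarded condition `Http::isLocalURL( $this->url ) || $this->noProxy` is unchanged and still what the comment describes.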