IP:isInRange() performs several moderately expensive tests via regular
expression matching that can cause unwanted load with a sufficiently
complicated runtime configuration. Check the $wgSquidServersNoPurge
value to see if it includes the CIDR mask separator token ('/') before
continuing on to perform those more expensive tests.
Follows up Ia81bed7d8b42a2d2b200a3ce45a74e3784cdca2a
Bug: 52829
Change-Id: Ia557cb54f3a1bf67c8282140ab748369faa83028
* As above, except these servers aren't purged on page changes; use to set a
* list of trusted proxies, etc. Supports both individual IP addresses and
* CIDR blocks.
+ * @since 1.23 Supports CIDR ranges
*/
$wgSquidServersNoPurge = array();
* Checks if an IP matches a proxy we've configured.
* @param $ip String
* @return bool
+ * @since 1.23 Supports CIDR ranges in $wgSquidServersNoPurge
*/
function wfIsConfiguredProxy( $ip ) {
global $wgSquidServers, $wgSquidServersNoPurge;
// slightly slower check to see if the ip is listed directly or in a CIDR
// block in $wgSquidServersNoPurge
foreach ( $wgSquidServersNoPurge as $block ) {
- if ( IP::isInRange( $ip, $block ) ) {
+ if ( strpos( $block, '/' ) !== false && IP::isInRange( $ip, $block ) ) {
$trusted = true;
break;
}