Merge "(bug 26585) Detect CSV/array values in $_SERVER['REMOTE_ADDR']."

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 7005416..aeac694 100644 (file)
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1047,11 +1047,17 @@ HTML;
         * @return String
         */
        protected function getRawIP() {
-               if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
-                       return IP::canonicalize( $_SERVER['REMOTE_ADDR'] );
-               } else {
+               if ( !isset( $_SERVER['REMOTE_ADDR'] ) ) {
                        return null;
                }
+
+               if ( is_array( $_SERVER['REMOTE_ADDR'] ) || strpos( $_SERVER['REMOTE_ADDR'], ',' ) !== false ) {
+                       throw new MWException( __METHOD__ . " : Could not determine the remote IP address due to multiple values." );
+               } else {
+                       $ipchain = $_SERVER['REMOTE_ADDR'];
+               }
+
+               return IP::canonicalize( $ipchain );
        }
 
        /**