* Most presentational html attributes like valign are now converted to inline
css style rules. These attributes were removed from html5 and so we clean them up
when $wgHtml5 is enabled. This can be disabled using $wgCleanupPresentationalAttributes.
-* When MediaWiki is being run behind a proxy, the X-Real-IP header is now also checked
- to determine the client's actual IP address.
=== Bug fixes in 1.19 ===
* $wgUploadNavigationUrl should be used for file redlinks if
* jquery.mwPrototypes module was renamed to jquery.mwExtension.
* The maintenance script populateSha1.php was renamed to the more concise
populateImageSha1.php
+* The Client-IP header is no longer checked for when trying to resolve a client's
+ real IP address.
== Compatibility ==
/**
* Extracts the XFF string from the request header
- * Checks first for "X-Forwarded-For", then "Client-ip", then "X-Real-IP"
* Note: headers are spoofable
* @return string
*/
$set[ strtoupper( $tempName ) ] = $tempValue;
}
$index = strtoupper ( 'X-Forwarded-For' );
- $index2 = strtoupper ( 'Client-ip' );
- $index3 = strtoupper ( 'X-Real-IP' );
} else {
// Subject to spoofing with headers like X_Forwarded_For
$set = $_SERVER;
$index = 'HTTP_X_FORWARDED_FOR';
- $index2 = 'CLIENT-IP';
- $index3 = 'HTTP_X_REAL_IP';
}
- #Try a couple of headers
+ #Try to see if XFF is set
if( isset( $set[$index] ) ) {
return $set[$index];
- } elseif( isset( $set[$index2] ) ) {
- return $set[$index2];
- } elseif( isset( $set[$index3] ) ) {
- return $set[$index3];
} else {
return null;
}