* @param float $default
* @return float
*/
- public function getFloat( $name, $default = 0 ) {
+ public function getFloat( $name, $default = 0.0 ) {
return floatval( $this->getVal( $name, $default ) );
}
public function getRequestURL() {
if ( isset( $_SERVER['REQUEST_URI'] ) && strlen( $_SERVER['REQUEST_URI'] ) ) {
$base = $_SERVER['REQUEST_URI'];
- } elseif ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) && strlen( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
+ } elseif ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] )
+ && strlen( $_SERVER['HTTP_X_ORIGINAL_URL'] )
+ ) {
// Probably IIS; doesn't set REQUEST_URI
$base = $_SERVER['HTTP_X_ORIGINAL_URL'];
} elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
We can't serve non-HTML content from the URL you have requested, because
Internet Explorer would interpret it as an incorrect and potentially dangerous
content type.</p>
-<p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the URL you have requested, except that
-"&*" is appended. This prevents Internet Explorer from seeing a bogus file
-extension.
+<p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the
+URL you have requested, except that "&*" is appended. This prevents Internet
+Explorer from seeing a bogus file extension.
</p>
</body>
</html>
/**
* Parse the Accept-Language header sent by the client into an array
- * @return array array( languageCode => q-value ) sorted by q-value in descending order then
- * appearing time in the header in ascending order.
+ *
+ * @return array array( languageCode => q-value ) sorted by q-value in
+ * descending order then appearing time in the header in ascending order.
* May contain the "language" '*', which applies to languages other than those explicitly listed.
* This is aligned with rfc2616 section 14.4
* Preference for earlier languages appears in rfc3282 as an extension to HTTP/1.1.
*/
public function getAcceptLang() {
- // Modified version of code found at http://www.thefutureoftheweb.com/blog/use-accept-language-header
+ // Modified version of code found at
+ // http://www.thefutureoftheweb.com/blog/use-accept-language-header
$acceptLang = $this->getHeader( 'Accept-Language' );
if ( !$acceptLang ) {
return array();
// Break up string into pieces (languages and q factors)
$lang_parse = null;
- preg_match_all( '/([a-z]{1,8}(-[a-z]{1,8})*|\*)\s*(;\s*q\s*=\s*(1(\.0{0,3})?|0(\.[0-9]{0,3})?)?)?/',
- $acceptLang, $lang_parse );
+ preg_match_all(
+ '/([a-z]{1,8}(-[a-z]{1,8})*|\*)\s*(;\s*q\s*=\s*(1(\.0{0,3})?|0(\.[0-9]{0,3})?)?)?/',
+ $acceptLang,
+ $lang_parse
+ );
if ( !count( $lang_parse[1] ) ) {
return array();
}
if ( is_array( $_SERVER['REMOTE_ADDR'] ) || strpos( $_SERVER['REMOTE_ADDR'], ',' ) !== false ) {
- throw new MWException( __METHOD__ . " : Could not determine the remote IP address due to multiple values." );
+ throw new MWException( __METHOD__
+ . " : Could not determine the remote IP address due to multiple values." );
} else {
$ipchain = $_SERVER['REMOTE_ADDR'];
}
# collect the originating ips
$ip = $this->getRawIP();
+ if ( !$ip ) {
+ throw new MWException( 'Unable to determine IP.' );
+ }
# Append XFF
$forwardedFor = $this->getHeader( 'X-Forwarded-For' );
if ( $forwardedFor !== false ) {
+ $isConfigured = IP::isConfiguredProxy( $ip );
$ipchain = array_map( 'trim', explode( ',', $forwardedFor ) );
$ipchain = array_reverse( $ipchain );
- if ( $ip ) {
- array_unshift( $ipchain, $ip );
- }
+ array_unshift( $ipchain, $ip );
# Step through XFF list and find the last address in the list which is a
# trusted server. Set $ip to the IP address given by that trusted server,
# unless the address is not sensible (e.g. private). However, prefer private
# IP addresses over proxy servers controlled by this site (more sensible).
+ # Note that some XFF values might be "unknown" with Squid/Varnish.
foreach ( $ipchain as $i => $curIP ) {
- // ignore 'unknown' value from Squid when 'forwarded_for off' and try next
- if ( $curIP === 'unknown' ) {
- continue;
- }
$curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
- if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
- if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane
- IP::isPublic( $ipchain[$i + 1] ) ||
- $wgUsePrivateIPs
- ) {
- $nextIP = IP::canonicalize( $ipchain[$i + 1] );
- if ( !$nextIP && wfIsConfiguredProxy( $ip ) ) {
- // We have not yet made it past CDN/proxy servers of this site,
- // so either they are misconfigured or there is some IP spoofing.
- throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
- }
- $ip = $nextIP;
- continue;
+ if ( !$curIP || !isset( $ipchain[$i + 1] ) || $ipchain[$i + 1] === 'unknown'
+ || !IP::isTrustedProxy( $curIP )
+ ) {
+ break; // IP is not valid/trusted or does not point to anything
+ }
+ if (
+ IP::isPublic( $ipchain[$i + 1] ) ||
+ $wgUsePrivateIPs ||
+ IP::isConfiguredProxy( $curIP ) // bug 48919; treat IP as sane
+ ) {
+ // Follow the next IP according to the proxy
+ $nextIP = IP::canonicalize( $ipchain[$i + 1] );
+ if ( !$nextIP && $isConfigured ) {
+ // We have not yet made it past CDN/proxy servers of this site,
+ // so either they are misconfigured or there is some IP spoofing.
+ throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
}
+ $ip = $nextIP;
+ // keep traversing the chain
+ continue;
}
break;
}
* @param string $protocol 'http' or 'https'
* @throws MWException
*/
- public function __construct( $data = array(), $wasPosted = false, $session = null, $protocol = 'http' ) {
+ public function __construct( $data = array(), $wasPosted = false,
+ $session = null, $protocol = 'http'
+ ) {
if ( is_array( $data ) ) {
$this->data = $data;
} else {