Skip IP::isInRange() test if input is not in CIDR notation

IP:isInRange() performs several moderately expensive tests via regular
expression matching that can cause unwanted load with a sufficiently
complicated runtime configuration. Check the $wgSquidServersNoPurge
value to see if it includes the CIDR mask separator token ('/') before
continuing on to perform those more expensive tests.

Follows up Ia81bed7d8b42a2d2b200a3ce45a74e3784cdca2a

Bug: 52829

Change-Id: Ia557cb54f3a1bf67c8282140ab748369faa83028

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 2d1ddcb..5a1e82f 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -2287,6 +2287,7 @@ $wgSquidServers = array();
  * As above, except these servers aren't purged on page changes; use to set a
  * list of trusted proxies, etc. Supports both individual IP addresses and
  * CIDR blocks.
+ * @since 1.23 Supports CIDR ranges
  */
 $wgSquidServersNoPurge = array();
 

diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index ae7e953..a0f9e5f 100644 (file)
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -77,6 +77,7 @@ function wfIsTrustedProxy( $ip ) {
  * Checks if an IP matches a proxy we've configured.
  * @param $ip String
  * @return bool
+ * @since 1.23 Supports CIDR ranges in $wgSquidServersNoPurge
  */
 function wfIsConfiguredProxy( $ip ) {
        global $wgSquidServers, $wgSquidServersNoPurge;
@@ -89,7 +90,7 @@ function wfIsConfiguredProxy( $ip ) {
                // slightly slower check to see if the ip is listed directly or in a CIDR
                // block in $wgSquidServersNoPurge
                foreach ( $wgSquidServersNoPurge as $block ) {
-                       if ( IP::isInRange( $ip, $block ) ) {
+                       if ( strpos( $block, '/' ) !== false && IP::isInRange( $ip, $block ) ) {
                                $trusted = true;
                                break;
                        }