* This is necessary to validate whether or not the values of X-Forwarded-
* or Client-IP HTTP headers can be trusted
*/
if (!defined('TRUSTED_PROXY')) {
$trusted = true;
// will be false by default in a future release
if (getenv('BlockUntrustedProxyHeaders') || getenv('BlockUntrustedIPs') || defined('SS_TRUSTED_PROXY_IPS')) {
$trusted = false;
if (defined('SS_TRUSTED_PROXY_IPS') && SS_TRUSTED_PROXY_IPS !== 'none') {
if (SS_TRUSTED_PROXY_IPS === '*') {
$trusted = true;
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
if (!class_exists('SilverStripe\\Control\\Util\\IPUtils')) {
require_once FRAMEWORK_PATH . '/control/IPUtils.php';
}
$trusted = IPUtils::checkIP($_SERVER['REMOTE_ADDR'], explode(',', SS_TRUSTED_PROXY_IPS));
}
}
}
/**
* Declare whether or not the connecting server is a trusted proxy
*/
define('TRUSTED_PROXY', $trusted);
}
/**
* A blank HTTP_HOST value is used to detect command-line execution.
* We update the $_SERVER variable to contain data consistent with the rest of the application.
*/
if (!isset($_SERVER['HTTP_HOST'])) {
// HTTP_HOST, REQUEST_PORT, SCRIPT_NAME, and PHP_SELF
global $_FILE_TO_URL_MAPPING;
function testIPUtils()
{
$IPUtils = new IPUtils();
$range = $IPUtils->CIDR2List("70.84.23.0/24");
$this->assertTrue(count($range) == 256, "CIDR converted to range");
$range = $IPUtils->IPRange2List("192.168.1.1-10");
$this->assertTrue(count($range) == 10, "Range converted to list");
$subnet_mask = $IPUtils->Bits2SubnetMask(24);
$this->assertTrue($subnet_mask == "255.255.255.0", "Subnet mask successfully generated");
$subnet_mask = $IPUtils->Bits2SubnetMask(27);
$this->assertTrue($subnet_mask == "255.255.255.224", "Subnet mask successfully generated");
$binary = $IPUtils->IP2bin("205.18.18.0");
$this->assertTrue($binary == "11001101000100100001001000000000", "Binary IP successfully generated");
$normal = $IPUtils->Bin2IP($binary);
$this->assertTrue($normal == "205.18.18.0", "IP successfully generated from binary string");
$bits = $IPUtils->SubnetMask2Bits("255.255.255.240");
$this->assertTrue($bits == 28, "Netbits successfully generated");
$subnets = $IPUtils->SplitSubnet("205.18.18.0", 24, 26);
$this->assertTrue($subnets[26][0] == "205.18.18.128" && $subnets[26][1] == "205.18.18.192", "/24 Subnet successfully splited");
$subnets = $IPUtils->SplitSubnet("205.18.0.0", 16, 23);
$this->assertTrue($subnets[23][0] == "205.18.252.0" && $subnets[23][1] == "205.18.254.0", "/16 Subnet successfully splited");
$subnets = $IPUtils->SplitSubnet("205.0.0.0", 8, 20);
$this->assertTrue($subnets[20][0] == "205.255.224.0" && $subnets[20][1] == "205.255.240.0", "/8 Subnet successfully splited");
$subnets = $IPUtils->SplitSubnet("205.127.0.0", 9, 16);
$this->assertTrue($subnets[16][0] == "205.126.0.0" && $subnets[16][1] == "205.127.0.0", "/9 Subnet successfully splited");
}
/**
* Returns hostname, without port numbers
*
* @param $host
* @return array
*/
public static function getHostSanitized($host)
{
if (!class_exists("Piwik\\Network\\IPUtils")) {
throw new Exception("Piwik\\Network\\IPUtils could not be found, maybe you are using Piwik from git and need to update Composer. \$ php composer.phar update");
}
return IPUtils::sanitizeIp($host);
}
/**
* Determines if the IP address is in a specified IP address range.
*
* An IPv4-mapped address should be range checked with an IPv4-mapped address range.
*
* @param array|string $ipRange IP address range (string or array containing min and max IP addresses)
* @return bool
*/
public function isInRange($ipRange)
{
$ipLen = strlen($this->ip);
if (empty($this->ip) || empty($ipRange) || $ipLen != 4 && $ipLen != 16) {
return false;
}
if (is_array($ipRange)) {
// already split into low/high IP addresses
$ipRange[0] = IPUtils::stringToBinaryIP($ipRange[0]);
$ipRange[1] = IPUtils::stringToBinaryIP($ipRange[1]);
} else {
// expect CIDR format but handle some variations
$ipRange = IPUtils::getIPRangeBounds($ipRange);
}
if ($ipRange === null) {
return false;
}
$low = $ipRange[0];
$high = $ipRange[1];
if (strlen($low) != $ipLen) {
return false;
}
// binary-safe string comparison
if ($this->ip >= $low && $this->ip <= $high) {
return true;
}
return false;
}
