* This is necessary to validate whether or not the values of X-Forwarded- * or Client-IP HTTP headers can be trusted */ if (!defined('TRUSTED_PROXY')) { $trusted = true; // will be false by default in a future release if (getenv('BlockUntrustedProxyHeaders') || getenv('BlockUntrustedIPs') || defined('SS_TRUSTED_PROXY_IPS')) { $trusted = false; if (defined('SS_TRUSTED_PROXY_IPS') && SS_TRUSTED_PROXY_IPS !== 'none') { if (SS_TRUSTED_PROXY_IPS === '*') { $trusted = true; } elseif (isset($_SERVER['REMOTE_ADDR'])) { if (!class_exists('SilverStripe\\Control\\Util\\IPUtils')) { require_once FRAMEWORK_PATH . '/control/IPUtils.php'; } $trusted = IPUtils::checkIP($_SERVER['REMOTE_ADDR'], explode(',', SS_TRUSTED_PROXY_IPS)); } } } /** * Declare whether or not the connecting server is a trusted proxy */ define('TRUSTED_PROXY', $trusted); } /** * A blank HTTP_HOST value is used to detect command-line execution. * We update the $_SERVER variable to contain data consistent with the rest of the application. */ if (!isset($_SERVER['HTTP_HOST'])) { // HTTP_HOST, REQUEST_PORT, SCRIPT_NAME, and PHP_SELF global $_FILE_TO_URL_MAPPING;
function testIPUtils() { $IPUtils = new IPUtils(); $range = $IPUtils->CIDR2List("70.84.23.0/24"); $this->assertTrue(count($range) == 256, "CIDR converted to range"); $range = $IPUtils->IPRange2List("192.168.1.1-10"); $this->assertTrue(count($range) == 10, "Range converted to list"); $subnet_mask = $IPUtils->Bits2SubnetMask(24); $this->assertTrue($subnet_mask == "255.255.255.0", "Subnet mask successfully generated"); $subnet_mask = $IPUtils->Bits2SubnetMask(27); $this->assertTrue($subnet_mask == "255.255.255.224", "Subnet mask successfully generated"); $binary = $IPUtils->IP2bin("205.18.18.0"); $this->assertTrue($binary == "11001101000100100001001000000000", "Binary IP successfully generated"); $normal = $IPUtils->Bin2IP($binary); $this->assertTrue($normal == "205.18.18.0", "IP successfully generated from binary string"); $bits = $IPUtils->SubnetMask2Bits("255.255.255.240"); $this->assertTrue($bits == 28, "Netbits successfully generated"); $subnets = $IPUtils->SplitSubnet("205.18.18.0", 24, 26); $this->assertTrue($subnets[26][0] == "205.18.18.128" && $subnets[26][1] == "205.18.18.192", "/24 Subnet successfully splited"); $subnets = $IPUtils->SplitSubnet("205.18.0.0", 16, 23); $this->assertTrue($subnets[23][0] == "205.18.252.0" && $subnets[23][1] == "205.18.254.0", "/16 Subnet successfully splited"); $subnets = $IPUtils->SplitSubnet("205.0.0.0", 8, 20); $this->assertTrue($subnets[20][0] == "205.255.224.0" && $subnets[20][1] == "205.255.240.0", "/8 Subnet successfully splited"); $subnets = $IPUtils->SplitSubnet("205.127.0.0", 9, 16); $this->assertTrue($subnets[16][0] == "205.126.0.0" && $subnets[16][1] == "205.127.0.0", "/9 Subnet successfully splited"); }
/** * Returns hostname, without port numbers * * @param $host * @return array */ public static function getHostSanitized($host) { if (!class_exists("Piwik\\Network\\IPUtils")) { throw new Exception("Piwik\\Network\\IPUtils could not be found, maybe you are using Piwik from git and need to update Composer. \$ php composer.phar update"); } return IPUtils::sanitizeIp($host); }
/** * Determines if the IP address is in a specified IP address range. * * An IPv4-mapped address should be range checked with an IPv4-mapped address range. * * @param array|string $ipRange IP address range (string or array containing min and max IP addresses) * @return bool */ public function isInRange($ipRange) { $ipLen = strlen($this->ip); if (empty($this->ip) || empty($ipRange) || $ipLen != 4 && $ipLen != 16) { return false; } if (is_array($ipRange)) { // already split into low/high IP addresses $ipRange[0] = IPUtils::stringToBinaryIP($ipRange[0]); $ipRange[1] = IPUtils::stringToBinaryIP($ipRange[1]); } else { // expect CIDR format but handle some variations $ipRange = IPUtils::getIPRangeBounds($ipRange); } if ($ipRange === null) { return false; } $low = $ipRange[0]; $high = $ipRange[1]; if (strlen($low) != $ipLen) { return false; } // binary-safe string comparison if ($this->ip >= $low && $this->ip <= $high) { return true; } return false; }