/** Work out the IP address based on various globals */ function wfGetIP() { global $wgIP; # Return cached result if (!empty($wgIP)) { return $wgIP; } /* collect the originating ips */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR'])); } else { # Running on CLI? $ipchain = array('127.0.0.1'); } $ip = $ipchain[0]; # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } # Step through XFF list and find the last address in the list which is a trusted server # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) foreach ($ipchain as $i => $curIP) { $curIP = IP::canonicalize($curIP); if (wfIsTrustedProxy($curIP)) { if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) { $ip = $ipchain[$i + 1]; } } else { break; } } wfDebug("IP: {$ip}\n"); $wgIP = $ip; return $ip; }
/** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) * * @since 1.19 * * @throws MWException * @return string */ public function getIP() { global $wgUsePrivateIPs; # Return cached result if ($this->ip !== null) { return $this->ip; } # collect the originating ips $ip = $this->getRawIP(); # Append XFF $forwardedFor = $this->getHeader('X-Forwarded-For'); if ($forwardedFor !== false) { $ipchain = array_map('trim', explode(',', $forwardedFor)); $ipchain = array_reverse($ipchain); if ($ip) { array_unshift($ipchain, $ip); } # Step through XFF list and find the last address in the list which is a trusted server # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) foreach ($ipchain as $i => $curIP) { $curIP = IP::canonicalize($curIP); if (wfIsTrustedProxy($curIP)) { if (isset($ipchain[$i + 1])) { if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) { $ip = $ipchain[$i + 1]; } } } else { break; } } } # Allow extensions to improve our guess wfRunHooks('GetIP', array(&$ip)); if (!$ip) { throw new MWException("Unable to determine IP"); } wfDebug("IP: {$ip}\n"); $this->ip = $ip; return $ip; }
/** * @covers IP::canonicalize */ public function testIPCanonicalizeMappedAddress() { $this->assertEquals('192.0.2.152', IP::canonicalize('::ffff:192.0.2.152')); $this->assertEquals('192.0.2.152', IP::canonicalize('::192.0.2.152')); }
/** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) * * @since 1.19 * * @throws MWException * @return string */ public function getIP() { global $wgUsePrivateIPs; # Return cached result if ($this->ip !== null) { return $this->ip; } # collect the originating ips $ip = $this->getRawIP(); if (!$ip) { throw new MWException('Unable to determine IP.'); } # Append XFF $forwardedFor = $this->getHeader('X-Forwarded-For'); if ($forwardedFor !== false) { $isConfigured = IP::isConfiguredProxy($ip); $ipchain = array_map('trim', explode(',', $forwardedFor)); $ipchain = array_reverse($ipchain); array_unshift($ipchain, $ip); # Step through XFF list and find the last address in the list which is a # trusted server. Set $ip to the IP address given by that trusted server, # unless the address is not sensible (e.g. private). However, prefer private # IP addresses over proxy servers controlled by this site (more sensible). # Note that some XFF values might be "unknown" with Squid/Varnish. foreach ($ipchain as $i => $curIP) { $curIP = IP::sanitizeIP(IP::canonicalize($curIP)); if (!$curIP || !isset($ipchain[$i + 1]) || $ipchain[$i + 1] === 'unknown' || !IP::isTrustedProxy($curIP)) { break; // IP is not valid/trusted or does not point to anything } if (IP::isPublic($ipchain[$i + 1]) || $wgUsePrivateIPs || IP::isConfiguredProxy($curIP)) { // Follow the next IP according to the proxy $nextIP = IP::canonicalize($ipchain[$i + 1]); if (!$nextIP && $isConfigured) { // We have not yet made it past CDN/proxy servers of this site, // so either they are misconfigured or there is some IP spoofing. throw new MWException("Invalid IP given in XFF '{$forwardedFor}'."); } $ip = $nextIP; // keep traversing the chain continue; } break; } } # Allow extensions to improve our guess Hooks::run('GetIP', array(&$ip)); if (!$ip) { throw new MWException("Unable to determine IP."); } wfDebug("IP: {$ip}\n"); $this->ip = $ip; return $ip; }
/** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) * @return string */ function wfGetIP() { global $wgUsePrivateIPs, $wgCommandLineMode; static $ip = false; # Return cached result if (!empty($ip)) { return $ip; } $ipchain = array(); /* collect the originating ips */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ip = IP::canonicalize($_SERVER['REMOTE_ADDR']); } elseif ($wgCommandLineMode) { $ip = '127.0.0.1'; } if ($ip) { $ipchain[] = $ip; } # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } # Step through XFF list and find the last address in the list which is a trusted server # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) foreach ($ipchain as $i => $curIP) { $curIP = IP::canonicalize($curIP); if (wfIsTrustedProxy($curIP)) { if (isset($ipchain[$i + 1])) { if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) { $ip = $ipchain[$i + 1]; } } } else { break; } } # Allow extensions to improve our guess wfRunHooks('GetIP', array(&$ip)); if (!$ip) { throw new MWException("Unable to determine IP"); } wfDebug("IP: {$ip}\n"); return $ip; }
static function getCurrUserName() { global $wgUser, $wgSquidServers; global $wgUsePrivateIPs; if (self::$anon_forwarded_for === true && $wgUser->isAnon()) { /* collect the originating IPs borrowed from ProxyTools::wfGetIP bypass trusted proxies list check */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR'])); } else { # Running on CLI? $ipchain = array('127.0.0.1'); } $ip = $ipchain[0]; # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } $username = ""; foreach ($ipchain as $i => $curIP) { if ($wgUsePrivateIPs || IP::isPublic($curIP)) { $username .= IP::canonicalize($curIP) . '/'; } } if ($username != "") { # remove trailing slash $username = substr($username, 0, strlen($username) - 1); } else { $username .= IP::canonicalize($ipchain[0]); } } else { $username = $wgUser->getName(); } return $username; }
/** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) * * @since 1.19 * * @throws MWException * @return string */ public function getIP() { global $wgUsePrivateIPs; # Return cached result if ( $this->ip !== null ) { return $this->ip; } # collect the originating ips $ip = $this->getRawIP(); # Append XFF $forwardedFor = $this->getHeader( 'X-Forwarded-For' ); if ( $forwardedFor !== false ) { $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) ); $ipchain = array_reverse( $ipchain ); if ( $ip ) { array_unshift( $ipchain, $ip ); } # Step through XFF list and find the last address in the list which is a # trusted server. Set $ip to the IP address given by that trusted server, # unless the address is not sensible (e.g. private). However, prefer private # IP addresses over proxy servers controlled by this site (more sensible). foreach ( $ipchain as $i => $curIP ) { $curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) ); if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) { if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane IP::isPublic( $ipchain[$i + 1] ) || $wgUsePrivateIPs ) { $nextIP = IP::canonicalize( $ipchain[$i + 1] ); if ( !$nextIP && wfIsConfiguredProxy( $ip ) ) { // We have not yet made it past CDN/proxy servers of this site, // so either they are misconfigured or there is some IP spoofing. throw new MWException( "Invalid IP given in XFF '$forwardedFor'." ); } $ip = $nextIP; continue; } } break; } } # Allow extensions to improve our guess wfRunHooks( 'GetIP', array( &$ip ) ); if ( !$ip ) { throw new MWException( "Unable to determine IP." ); } wfDebug( "IP: $ip\n" ); $this->ip = $ip; return $ip; }