/** Work out the IP address based on various globals */
function wfGetIP()
{
global $wgIP;
# Return cached result
if (!empty($wgIP)) {
return $wgIP;
}
/* collect the originating ips */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR']));
} else {
# Running on CLI?
$ipchain = array('127.0.0.1');
}
$ip = $ipchain[0];
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
$curIP = IP::canonicalize($curIP);
if (wfIsTrustedProxy($curIP)) {
if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
} else {
break;
}
}
wfDebug("IP: {$ip}\n");
$wgIP = $ip;
return $ip;
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
*
* @since 1.19
*
* @throws MWException
* @return string
*/
public function getIP()
{
global $wgUsePrivateIPs;
# Return cached result
if ($this->ip !== null) {
return $this->ip;
}
# collect the originating ips
$ip = $this->getRawIP();
# Append XFF
$forwardedFor = $this->getHeader('X-Forwarded-For');
if ($forwardedFor !== false) {
$ipchain = array_map('trim', explode(',', $forwardedFor));
$ipchain = array_reverse($ipchain);
if ($ip) {
array_unshift($ipchain, $ip);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
$curIP = IP::canonicalize($curIP);
if (wfIsTrustedProxy($curIP)) {
if (isset($ipchain[$i + 1])) {
if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
}
} else {
break;
}
}
}
# Allow extensions to improve our guess
wfRunHooks('GetIP', array(&$ip));
if (!$ip) {
throw new MWException("Unable to determine IP");
}
wfDebug("IP: {$ip}\n");
$this->ip = $ip;
return $ip;
}
/**
* @covers IP::canonicalize
*/
public function testIPCanonicalizeMappedAddress()
{
$this->assertEquals('192.0.2.152', IP::canonicalize('::ffff:192.0.2.152'));
$this->assertEquals('192.0.2.152', IP::canonicalize('::192.0.2.152'));
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
*
* @since 1.19
*
* @throws MWException
* @return string
*/
public function getIP()
{
global $wgUsePrivateIPs;
# Return cached result
if ($this->ip !== null) {
return $this->ip;
}
# collect the originating ips
$ip = $this->getRawIP();
if (!$ip) {
throw new MWException('Unable to determine IP.');
}
# Append XFF
$forwardedFor = $this->getHeader('X-Forwarded-For');
if ($forwardedFor !== false) {
$isConfigured = IP::isConfiguredProxy($ip);
$ipchain = array_map('trim', explode(',', $forwardedFor));
$ipchain = array_reverse($ipchain);
array_unshift($ipchain, $ip);
# Step through XFF list and find the last address in the list which is a
# trusted server. Set $ip to the IP address given by that trusted server,
# unless the address is not sensible (e.g. private). However, prefer private
# IP addresses over proxy servers controlled by this site (more sensible).
# Note that some XFF values might be "unknown" with Squid/Varnish.
foreach ($ipchain as $i => $curIP) {
$curIP = IP::sanitizeIP(IP::canonicalize($curIP));
if (!$curIP || !isset($ipchain[$i + 1]) || $ipchain[$i + 1] === 'unknown' || !IP::isTrustedProxy($curIP)) {
break;
// IP is not valid/trusted or does not point to anything
}
if (IP::isPublic($ipchain[$i + 1]) || $wgUsePrivateIPs || IP::isConfiguredProxy($curIP)) {
// Follow the next IP according to the proxy
$nextIP = IP::canonicalize($ipchain[$i + 1]);
if (!$nextIP && $isConfigured) {
// We have not yet made it past CDN/proxy servers of this site,
// so either they are misconfigured or there is some IP spoofing.
throw new MWException("Invalid IP given in XFF '{$forwardedFor}'.");
}
$ip = $nextIP;
// keep traversing the chain
continue;
}
break;
}
}
# Allow extensions to improve our guess
Hooks::run('GetIP', array(&$ip));
if (!$ip) {
throw new MWException("Unable to determine IP.");
}
wfDebug("IP: {$ip}\n");
$this->ip = $ip;
return $ip;
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
* @return string
*/
function wfGetIP()
{
global $wgUsePrivateIPs, $wgCommandLineMode;
static $ip = false;
# Return cached result
if (!empty($ip)) {
return $ip;
}
$ipchain = array();
/* collect the originating ips */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ip = IP::canonicalize($_SERVER['REMOTE_ADDR']);
} elseif ($wgCommandLineMode) {
$ip = '127.0.0.1';
}
if ($ip) {
$ipchain[] = $ip;
}
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
$curIP = IP::canonicalize($curIP);
if (wfIsTrustedProxy($curIP)) {
if (isset($ipchain[$i + 1])) {
if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
}
} else {
break;
}
}
# Allow extensions to improve our guess
wfRunHooks('GetIP', array(&$ip));
if (!$ip) {
throw new MWException("Unable to determine IP");
}
wfDebug("IP: {$ip}\n");
return $ip;
}
static function getCurrUserName()
{
global $wgUser, $wgSquidServers;
global $wgUsePrivateIPs;
if (self::$anon_forwarded_for === true && $wgUser->isAnon()) {
/* collect the originating IPs
borrowed from ProxyTools::wfGetIP
bypass trusted proxies list check */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR']));
} else {
# Running on CLI?
$ipchain = array('127.0.0.1');
}
$ip = $ipchain[0];
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
$username = "";
foreach ($ipchain as $i => $curIP) {
if ($wgUsePrivateIPs || IP::isPublic($curIP)) {
$username .= IP::canonicalize($curIP) . '/';
}
}
if ($username != "") {
# remove trailing slash
$username = substr($username, 0, strlen($username) - 1);
} else {
$username .= IP::canonicalize($ipchain[0]);
}
} else {
$username = $wgUser->getName();
}
return $username;
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
*
* @since 1.19
*
* @throws MWException
* @return string
*/
public function getIP() {
global $wgUsePrivateIPs;
# Return cached result
if ( $this->ip !== null ) {
return $this->ip;
}
# collect the originating ips
$ip = $this->getRawIP();
# Append XFF
$forwardedFor = $this->getHeader( 'X-Forwarded-For' );
if ( $forwardedFor !== false ) {
$ipchain = array_map( 'trim', explode( ',', $forwardedFor ) );
$ipchain = array_reverse( $ipchain );
if ( $ip ) {
array_unshift( $ipchain, $ip );
}
# Step through XFF list and find the last address in the list which is a
# trusted server. Set $ip to the IP address given by that trusted server,
# unless the address is not sensible (e.g. private). However, prefer private
# IP addresses over proxy servers controlled by this site (more sensible).
foreach ( $ipchain as $i => $curIP ) {
$curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane
IP::isPublic( $ipchain[$i + 1] ) ||
$wgUsePrivateIPs
) {
$nextIP = IP::canonicalize( $ipchain[$i + 1] );
if ( !$nextIP && wfIsConfiguredProxy( $ip ) ) {
// We have not yet made it past CDN/proxy servers of this site,
// so either they are misconfigured or there is some IP spoofing.
throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
}
$ip = $nextIP;
continue;
}
}
break;
}
}
# Allow extensions to improve our guess
wfRunHooks( 'GetIP', array( &$ip ) );
if ( !$ip ) {
throw new MWException( "Unable to determine IP." );
}
wfDebug( "IP: $ip\n" );
$this->ip = $ip;
return $ip;
}
