[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Implement RFC7239 compatible X-Forwarded-For parsing

Fri, 16 Dec 2016 14:39:50 -0800 

Puiterwijk has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/327858 )

Change subject: Implement RFC7239 compatible X-Forwarded-For parsing
......................................................................

Implement RFC7239 compatible X-Forwarded-For parsing

Change-Id: I4384a1b693f4461a78a914c09ecfca3b72d3fe99
---
M includes/DefaultSettings.php
M includes/WebRequest.php
2 files changed, 11 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/58/327858/1

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 09ea958..fe83204 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -2796,6 +2796,14 @@
  */
 $wgUsePrivateIPs = false;
 
+/**
+ * Should the X-Forwarded-For header be parsed according to RFC7239, with the
+ * assumption that the actual client IP is the first entry in the header.
+ *
+ * This defaults to false for backwards compatibility reasons.
+ */
+$wgRfcProxyIPs = false;
+
 /** @} */ # end of HTTP proxy settings
 
 /************************************************************************//**
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index e7c9b83..50b21ad 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1227,7 +1227,9 @@
                        $proxyLookup = 
MediaWikiServices::getInstance()->getProxyLookup();
                        $isConfigured = $proxyLookup->isConfiguredProxy( $ip );
                        $ipchain = array_map( 'trim', explode( ',', 
$forwardedFor ) );
-                       $ipchain = array_reverse( $ipchain );
+                       if ( !$wgRfcProxyIPs ) {
+                               $ipchain = array_reverse( $ipchain );
+                       }
                        array_unshift( $ipchain, $ip );
 
                        # Step through XFF list and find the last address in 
the list which is a

-- 
To view, visit https://gerrit.wikimedia.org/r/327858
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4384a1b693f4461a78a914c09ecfca3b72d3fe99
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Puiterwijk <patr...@puiterwijk.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to