https://bugzilla.wikimedia.org/show_bug.cgi?id=14977
--- Comment #17 from Philippe Verdy <verd...@wanadoo.fr> 2010-10-01 18:23:56 UTC --- It would be much simpler if $_SERVER['SERVER_NAME'], which equals to "2a01:e0b:1:47:240:63ff:fee8:c3a", was simply replaced by adding surrounding square brackets very early every time it contains colons. My opinion is that a server name shoud always be delimited, independantly of where it is used. Then no more special code to test anywhere else... except if this value is used in a DNS resolver such as gethostbyname(), which may eventually fail if it does not accept the square brackets (my opinion is that such API should ALWAYS accept these brackets. So check for occurences of * gethostbyname(String name) or gethostsbyname(String name), which return one or several addresses (IPv4, IPv6, or other) from a hostname, using the locally configured name resolver (local hosts file, DNS, WINS, NetBios, or other service) so that it will reformat all IPv6 addresses in the returned set within brackets. Normally the returned addresses by this socket API are in binary format, but its PHP binding serializes it into a string, forgetting the bracket. However, in most installations of PHP, the variable is set by Apache in an environment string, and Apache (and other servers like IIS, or ISAPI and other interfaces) also forgets to adds the brackets for IPv6 addresses (there's an old bug about this, this was not changed because now too many applications expect to detect themselves the colons and add the brackets automatically : we should alsp do the same, by using these APIs indirectly via a proxying compatibility function). * gethostname(sockaddr_t address), which attempts to retrieve a hostname from the specified address (in binary IPv4 or IPv6 format, or other). The API normally expects an address in binary format (not restricted to IPv4 or IPv6 only, for example a NetBEUI "address" which is a short ASCII-only string). In all cases, the occurences of ":" or "/" in a canonical hostname (as used in the socket API or received from the webserver API or environment variables) should be blackboxed by inserting it within brackets, otherwise if these characters are not present, then NO surrounding bracket should be present. The algorithm is described in the RFCs describing URI formats and how to encapsulate a hostname into a valid URI. Note: MediaWiki should NOT be restricted to be used over Internet, it should be compatible with various network protocols to reach the webserver, not just IPv4 or even IPv6, so it should be neutral about which address type is effectively used: it should even work over a LAN with NetBEUI addresses (with the additional convenience that network datagrams not using an IP protocol are easily firewalled, without complex rules, or within a completely separate domain administration, as NetBEUI addresses will not pass through any router, unless it is proxied or transported over a private tunnel, usually secured and encrypted). So solution is effectively to blackbox the content of $_SERVER variable, i.e. the environment variables set by web servers (or FastCGI slave servers) when instanciating PHP, or the socket APIs used through the PHP APIs, before even setting our "$wgServer" variable from these values. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
