[MediaWiki-commits] [Gerrit] Set up security enviornment much earlier - change (wikimedia...SmashPig)

Wed, 19 Feb 2014 15:09:01 -0800 

Adamw has submitted this change and it was merged.

Change subject: Set up security enviornment much earlier
......................................................................


Set up security enviornment much earlier

Basically there's a log line that says "Starting processing of request from..."
which had the wrong IP because we did not yet have the XFF stuff set up
correctly at that point.

Change-Id: Ibc6ed2c4a8f5ce68d1caae90fe5cd96e2cb4c0c4
---
M Core/Http/RequestHandler.php
M Core/Listeners/ListenerBase.php
2 files changed, 10 insertions(+), 9 deletions(-)

Approvals:
  Adamw: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/Core/Http/RequestHandler.php b/Core/Http/RequestHandler.php
index fff540f..30cc989 100644
--- a/Core/Http/RequestHandler.php
+++ b/Core/Http/RequestHandler.php
@@ -77,6 +77,16 @@
                AutoLoader::getInstance()->addConfiguredNamespaces();
                AutoLoader::getInstance()->addConfiguredIncludes();
 
+               // Inform the request object of our security environment
+               $trustedHeader = $config->val( 'security/ip-header-name' );
+               if ( $trustedHeader ) {
+                       $request->setTrustedHeaderName( 
Request::HEADER_CLIENT_IP, $trustedHeader );
+               }
+               $trustedProxies = $config->val( 'security/ip-trusted-proxies' );
+               if ( $trustedProxies ) {
+                       $request->setTrustedProxies( $trustedProxies );
+               }
+
                // --- Actually get the endpoint object and start the request 
---
                $endpointObj = $config->obj( "endpoints/$action" );
                if ( $endpointObj instanceof IHttpActionHandler ) {
diff --git a/Core/Listeners/ListenerBase.php b/Core/Listeners/ListenerBase.php
index b8503c0..766c885 100644
--- a/Core/Listeners/ListenerBase.php
+++ b/Core/Listeners/ListenerBase.php
@@ -57,15 +57,6 @@
                $whitelist = $this->c->val( 'security/ip-whitelist', true );
 
                // Obtain remote party IP
-               $trustedHeader = $this->c->val( 'security/ip-header-name' );
-               if ( $trustedHeader ) {
-                       $this->request->setTrustedHeaderName( 
Request::HEADER_CLIENT_IP, $trustedHeader );
-               }
-               $trustedProxies = $this->c->val( 'security/ip-trusted-proxies' 
);
-               if ( $trustedProxies ) {
-                       $this->request->setTrustedProxies( $trustedProxies );
-               }
-
                $remote_ip = $this->request->getClientIp();
 
                // Do we continue?

-- 
To view, visit https://gerrit.wikimedia.org/r/114353
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ibc6ed2c4a8f5ce68d1caae90fe5cd96e2cb4c0c4
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/SmashPig
Gerrit-Branch: master
Gerrit-Owner: Mwalker <mwal...@wikimedia.org>
Gerrit-Reviewer: Adamw <awi...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to