jenkins-bot has submitted this change and it was merged. Change subject: Add IPv6 range support, for Opera Turbo ......................................................................
Add IPv6 range support, for Opera Turbo Tested only in eval.php. Checked that TrustedXFF::isTrusted() gives appropriate responses for IPv6 addresses in and out of the Opera Turbo range. Change-Id: I1fc717b709d6bc35023bc6fe1b51fc384c5a6d8e --- M TrustedXFF.php M trusted-hosts.txt 2 files changed, 22 insertions(+), 5 deletions(-) Approvals: Tim Starling: Looks good to me, approved jenkins-bot: Verified diff --git a/TrustedXFF.php b/TrustedXFF.php index 58d55d5..e4cd4c5 100644 --- a/TrustedXFF.php +++ b/TrustedXFF.php @@ -33,6 +33,15 @@ var $cdb; + // FIXME: IPv6 ranges need to be put here for now, there is no + // trusted-hosts.txt support. The ranges are too large to be expanded with + // the current CDB system. + static $ipv6Ranges = array( + // Opera Turbo + // Source: net-changes-mini + '2001:4c28::/32' + ); + static function onIsTrustedProxy( &$ip, &$trusted ) { // Don't want to override hosts that are already trusted if ( !$trusted ) { @@ -70,7 +79,17 @@ if ( $data ) { return true; } - // TODO: IPv6 prefixes which aren't feasible to expand + + // Try IPv6 ranges + if ( substr( $hex, 0, 2 ) === 'v6' ) { + foreach ( self::$ipv6Ranges as $range ) { + list( $start, $end ) = IP::parseRange( $range ); + if ( $hex >= $start && $hex <= $end ) { + return true; + } + } + } + return false; } } diff --git a/trusted-hosts.txt b/trusted-hosts.txt index 5d7620e..b421d23 100644 --- a/trusted-hosts.txt +++ b/trusted-hosts.txt @@ -3,7 +3,8 @@ # # http://meta.wikimedia.org/wiki/XFF_project # - +# Note: IPv6 ranges cannot currently be listed in this file. They are +# listed in TrustedXFF.php instead. # AOL @@ -566,9 +567,6 @@ 209.170.68.0/24 217.212.226.0/24 217.212.230.0/23 - -# Opera -2001:4c28::/32 # True Internet (Thailand) 61.91.190.242 -- To view, visit https://gerrit.wikimedia.org/r/66182 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1fc717b709d6bc35023bc6fe1b51fc384c5a6d8e Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/extensions/TrustedXFF Gerrit-Branch: master Gerrit-Owner: Tim Starling <tstarl...@wikimedia.org> Gerrit-Reviewer: MZMcBride <w...@mzmcbride.com> Gerrit-Reviewer: Reedy <re...@wikimedia.org> Gerrit-Reviewer: Tim Starling <tstarl...@wikimedia.org> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits