Reedy has submitted this change and it was merged.
Change subject: Revert "Support CIDR ranges in $wgSquidServersNoPurge"
......................................................................
Revert "Support CIDR ranges in $wgSquidServersNoPurge"
Potential performance problems
This reverts commit f1383d04b8edf1dfd355f9332ff3f154a89cc536.
Change-Id: Ie99e9ac47f34a03b4f15e64c8a7ab8af7ec5e79b
---
M RELEASE-NOTES-1.23
M includes/DefaultSettings.php
M includes/ProxyTools.php
M tests/phpunit/includes/WebRequestTest.php
4 files changed, 3 insertions(+), 49 deletions(-)
Approvals:
Reedy: Verified; Looks good to me, approved
diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23
index 7cf5c8e..04be2a2 100644
--- a/RELEASE-NOTES-1.23
+++ b/RELEASE-NOTES-1.23
@@ -18,9 +18,6 @@
exception metadata to JSON and logs it to the 'exception-json' log group.
This makes MediaWiki easier to integrate with log aggregation and analysis
tools.
-* $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
- Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
- addresses that should be trusted to provide X-Forwarded-For headers.
=== New features in 1.23 ===
* ResourceLoader can utilize the Web Storage API to cache modules client-side.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 6efeadd..d2c797e 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -2285,8 +2285,7 @@
/**
* As above, except these servers aren't purged on page changes; use to set a
- * list of trusted proxies, etc. Supports both individual IP addresses and
- * CIDR blocks.
+ * list of trusted proxies, etc.
*/
$wgSquidServersNoPurge = array();
diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index 4efd347..bf1c405 100644
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -80,19 +80,7 @@
*/
function wfIsConfiguredProxy( $ip ) {
global $wgSquidServers, $wgSquidServersNoPurge;
-
- // quick check of known proxy servers
- $trusted = in_array( $ip, $wgSquidServers );
-
- if ( !$trusted ) {
- // slightly slower check to see if the ip is listed directly or
in a CIDR
- // block in $wgSquidServersNoPurge
- foreach ( $wgSquidServersNoPurge as $block ) {
- if ( IP::isInRange( $ip, $block ) ) {
- $trusted = true;
- break;
- }
- }
- }
+ $trusted = in_array( $ip, $wgSquidServers ) ||
+ in_array( $ip, $wgSquidServersNoPurge );
return $trusted;
}
diff --git a/tests/phpunit/includes/WebRequestTest.php
b/tests/phpunit/includes/WebRequestTest.php
index 06ed1fd..f8ed14b 100644
--- a/tests/phpunit/includes/WebRequestTest.php
+++ b/tests/phpunit/includes/WebRequestTest.php
@@ -269,28 +269,6 @@
false,
'With X-Forwaded-For and private IP and hook
(disallowed)'
),
- array(
- '12.0.0.1',
- array(
- 'REMOTE_ADDR' =>
'abcd:0001:002:03:4:555:6666:7777',
- 'HTTP_X_FORWARDED_FOR' => '12.0.0.1,
abcd:0001:002:03:4:555:6666:7777',
- ),
- array( 'ABCD:1:2:3::/64' ),
- array(),
- false,
- 'IPv6 CIDR'
- ),
- array(
- '12.0.0.3',
- array(
- 'REMOTE_ADDR' => '12.0.0.1',
- 'HTTP_X_FORWARDED_FOR' => '12.0.0.3,
12.0.0.2'
- ),
- array( '12.0.0.0/24' ),
- array(),
- false,
- 'IPv4 CIDR'
- ),
);
}
@@ -299,14 +277,6 @@
* @covers WebRequest::getIP
*/
public function testGetIpLackOfRemoteAddrThrowAnException() {
- // ensure that local install state doesn't interfere with test
- $this->setMwGlobals( array(
- 'wgSquidServersNoPurge' => array(),
- 'wgSquidServers' => array(),
- 'wgUsePrivateIPs' => false,
- 'wgHooks' => array(),
- ) );
-
$request = new WebRequest();
# Next call throw an exception about lacking an IP
$request->getIP();
--
To view, visit https://gerrit.wikimedia.org/r/95159
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie99e9ac47f34a03b4f15e64c8a7ab8af7ec5e79b
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.23wmf3
Gerrit-Owner: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: Reedy <re...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
