[MediaWiki-commits] [Gerrit] Add IPv6 range support, for Opera Turbo - change (mediawiki...TrustedXFF)

Wed, 03 Jul 2013 23:03:12 -0700 

jenkins-bot has submitted this change and it was merged.

Change subject: Add IPv6 range support, for Opera Turbo
......................................................................


Add IPv6 range support, for Opera Turbo

Tested only in eval.php. Checked that TrustedXFF::isTrusted() gives
appropriate responses for IPv6 addresses in and out of the Opera Turbo
range.

Change-Id: I1fc717b709d6bc35023bc6fe1b51fc384c5a6d8e
---
M TrustedXFF.php
M trusted-hosts.txt
2 files changed, 22 insertions(+), 5 deletions(-)

Approvals:
  Tim Starling: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/TrustedXFF.php b/TrustedXFF.php
index 58d55d5..e4cd4c5 100644
--- a/TrustedXFF.php
+++ b/TrustedXFF.php
@@ -33,6 +33,15 @@
 
        var $cdb;
 
+       // FIXME: IPv6 ranges need to be put here for now, there is no
+       // trusted-hosts.txt support. The ranges are too large to be expanded 
with
+       // the current CDB system.
+       static $ipv6Ranges = array(
+               // Opera Turbo
+               // Source: net-changes-mini
+               '2001:4c28::/32'
+       );
+
        static function onIsTrustedProxy( &$ip, &$trusted ) {
                // Don't want to override hosts that are already trusted
                if ( !$trusted ) {
@@ -70,7 +79,17 @@
                if ( $data ) {
                        return true;
                }
-               // TODO: IPv6 prefixes which aren't feasible to expand
+
+               // Try IPv6 ranges
+               if ( substr( $hex, 0, 2 ) === 'v6' ) {
+                       foreach ( self::$ipv6Ranges as $range ) {
+                               list( $start, $end ) = IP::parseRange( $range );
+                               if ( $hex >= $start && $hex <= $end ) {
+                                       return true;
+                               }
+                       }
+               }
+
                return false;
        }
 }
diff --git a/trusted-hosts.txt b/trusted-hosts.txt
index 5d7620e..b421d23 100644
--- a/trusted-hosts.txt
+++ b/trusted-hosts.txt
@@ -3,7 +3,8 @@
 #
 #     http://meta.wikimedia.org/wiki/XFF_project
 #
-
+# Note: IPv6 ranges cannot currently be listed in this file. They are 
+# listed in TrustedXFF.php instead.
 
 
 # AOL
@@ -566,9 +567,6 @@
 209.170.68.0/24
 217.212.226.0/24
 217.212.230.0/23
-
-# Opera
-2001:4c28::/32
 
 # True Internet (Thailand)
 61.91.190.242

-- 
To view, visit https://gerrit.wikimedia.org/r/66182
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1fc717b709d6bc35023bc6fe1b51fc384c5a6d8e
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/TrustedXFF
Gerrit-Branch: master
Gerrit-Owner: Tim Starling <tstarl...@wikimedia.org>
Gerrit-Reviewer: MZMcBride <w...@mzmcbride.com>
Gerrit-Reviewer: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: Tim Starling <tstarl...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to