Aaron Schulz has uploaded a new change for review.
https://gerrit.wikimedia.org/r/84866
Change subject: Do not use invalid IPs from XFFs to avoid exceptions
......................................................................
Do not use invalid IPs from XFFs to avoid exceptions
Change-Id: Ib81e06527c2f7a8d9c288b56c0f46610a4517f74
---
M includes/WebRequest.php
1 file changed, 7 insertions(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/66/84866/1
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 23eee04..c8fc8d1 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1144,10 +1144,13 @@
foreach ( $ipchain as $i => $curIP ) {
$curIP = IP::sanitizeIP( IP::canonicalize(
$curIP ) );
if ( wfIsTrustedProxy( $curIP ) && isset(
$ipchain[$i + 1] ) ) {
- if ( wfIsConfiguredProxy( $curIP ) ||
// bug 48919
- ( IP::isPublic( $ipchain[$i +
1] ) || $wgUsePrivateIPs )
- ) {
- $ip = IP::canonicalize(
$ipchain[$i + 1] );
+ $nextIP = IP::canonicalize( $ipchain[$i
+ 1] );
+ if ( $nextIP && (
+ wfIsConfiguredProxy( $curIP )
|| // bug 48919; treat IP as sane
+ IP::isPublic( $ipchain[$i + 1]
) ||
+ $wgUsePrivateIPs
+ ) ) {
+ $ip = $nextIP;
continue;
}
}
--
To view, visit https://gerrit.wikimedia.org/r/84866
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib81e06527c2f7a8d9c288b56c0f46610a4517f74
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <asch...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
