wiki.techinc.nl/includes/ProxyTools.php

<?php
/**
 * Functions for dealing with proxies
 *
 * @file
 */

/**
 * Extracts the XFF string from the request header
 * Note: headers are spoofable
 *
 * @deprecated in 1.19; use $wgRequest->getHeader( 'X-Forwarded-For' ) instead.
 * @return string
 */
function wfGetForwardedFor() {
	wfDeprecated( __METHOD__, '1.19' );
	global $wgRequest;
	return $wgRequest->getHeader( 'X-Forwarded-For' );
}

/**
 * Returns the browser/OS data from the request header
 * Note: headers are spoofable
 *
 * @deprecated in 1.18; use $wgRequest->getHeader( 'User-Agent' ) instead.
 * @return string
 */
function wfGetAgent() {
	wfDeprecated( __METHOD__, '1.18' );
	global $wgRequest;
	return $wgRequest->getHeader( 'User-Agent' );
}

/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 *
 * @deprecated in 1.19; call $wgRequest->getIP() directly.
 * @return string
 */
function wfGetIP() {
	wfDeprecated( __METHOD__, '1.19' );
	global $wgRequest;
	return $wgRequest->getIP();
}

/**
 * Checks if an IP is a trusted proxy providor.
 * Useful to tell if X-Fowarded-For data is possibly bogus.
 * Squid cache servers for the site are whitelisted.
 *
 * @param $ip String
 * @return bool
 */
function wfIsTrustedProxy( $ip ) {
	global $wgSquidServers, $wgSquidServersNoPurge;

	$trusted = in_array( $ip, $wgSquidServers ) ||
		in_array( $ip, $wgSquidServersNoPurge );
	wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) );
	return $trusted;
}

/**
 * Forks processes to scan the originating IP for an open proxy server
 * MemCached can be used to skip IPs that have already been scanned
 */
function wfProxyCheck() {
	global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
	global $wgMemc, $wgProxyMemcExpiry, $wgRequest;
	global $wgProxyKey;

	if ( !$wgBlockOpenProxies ) {
		return;
	}

	$ip = $wgRequest->getIP();

	# Get MemCached key
	$mcKey = wfMemcKey( 'proxy', 'ip', $ip );
	$mcValue = $wgMemc->get( $mcKey );
	$skip = (bool)$mcValue;

	# Fork the processes
	if ( !$skip ) {
		$title = SpecialPage::getTitleFor( 'Blockme' );
		$iphash = md5( $ip . $wgProxyKey );
		$url = wfExpandUrl( $title->getFullURL( 'ip='.$iphash ), PROTO_HTTP );

		foreach ( $wgProxyPorts as $port ) {
			$params = implode( ' ', array(
						escapeshellarg( $wgProxyScriptPath ),
						escapeshellarg( $ip ),
						escapeshellarg( $port ),
						escapeshellarg( $url )
						));
			exec( "php $params >" . wfGetNull() . " 2>&1 &" );
		}
		# Set MemCached key
		$wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
	}
}
Adding some validation for IP determination via XFF headers, in preparation for adding ISP proxies to the trusted proxy list, which may occasionally give invalid XFF headers 2005-03-31 09:10:25 +00:00			`<?php`
			`/**`
			`* Functions for dealing with proxies`
* Standardised file description headers * Added some descriptions * Added @file where needed 2010-08-14 17:42:40 +00:00			`*`
WARNING: HUGE COMMIT Doxygen documentation update: * Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group. * Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file. * Removed some empty comments * Removed some ?> Added following groups: * ExternalStorage * JobQueue * MaintenanceLanguage One more thing: there are still a lot of warnings when generating the doc. 2008-05-20 17:13:28 +00:00			`* @file`
Adding some validation for IP determination via XFF headers, in preparation for adding ISP proxies to the trusted proxy list, which may occasionally give invalid XFF headers 2005-03-31 09:10:25 +00:00			`*/`

*Document some older functions 2007-04-23 18:06:37 +00:00			`/**`
			`* Extracts the XFF string from the request header`
			`* Note: headers are spoofable`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`*`
			`* @deprecated in 1.19; use $wgRequest->getHeader( 'X-Forwarded-For' ) instead.`
*Document some older functions 2007-04-23 18:06:37 +00:00			`* @return string`
			`*/`
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`function wfGetForwardedFor() {`
added missing deprecation notices 2011-12-13 19:51:03 +00:00			`wfDeprecated( __METHOD__, '1.19' );`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`global $wgRequest;`
			`return $wgRequest->getHeader( 'X-Forwarded-For' );`
* Added useragent and an xff function and header 2007-02-12 01:02:35 +00:00			`}`

*Document some older functions 2007-04-23 18:06:37 +00:00			`/**`
			`* Returns the browser/OS data from the request header`
			`* Note: headers are spoofable`
Deprecated wfGetAgent(), use $wgRequest->getHeader( 'User-Agent' ) instead 2011-06-03 10:41:53 +00:00			`*`
Update code comments that point to 1.18 to point to 1.19 2011-07-18 23:01:08 +00:00			`* @deprecated in 1.18; use $wgRequest->getHeader( 'User-Agent' ) instead.`
*Document some older functions 2007-04-23 18:06:37 +00:00			`* @return string`
			`*/`
* Added useragent and an xff function and header 2007-02-12 01:02:35 +00:00			`function wfGetAgent() {`
added missing deprecation notices 2011-12-13 19:51:03 +00:00			`wfDeprecated( __METHOD__, '1.18' );`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`global $wgRequest;`
			`return $wgRequest->getHeader( 'User-Agent' );`
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`}`
* Protect against spoofing of X-Forwarded-For header 2006-01-07 21:44:10 +00:00
*Document some older functions 2007-04-23 18:06:37 +00:00			`/**`
			`* Work out the IP address based on various globals`
			`* For trusted proxies, use the XFF client IP (first of the chain)`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`*`
			`* @deprecated in 1.19; call $wgRequest->getIP() directly.`
*Document some older functions 2007-04-23 18:06:37 +00:00			`* @return string`
			`*/`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`function wfGetIP() {`
added missing deprecation notices 2011-12-13 19:51:03 +00:00			`wfDeprecated( __METHOD__, '1.19' );`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`global $wgRequest;`
			`return $wgRequest->getIP();`
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`}`

*Document some older functions 2007-04-23 18:06:37 +00:00			`/**`
Removed mention of AOL, no longer true since r39892 2011-08-18 21:04:29 +00:00			`* Checks if an IP is a trusted proxy providor.`
			`* Useful to tell if X-Fowarded-For data is possibly bogus.`
			`* Squid cache servers for the site are whitelisted.`
			`*`
fix some doxygen errors 2009-12-11 22:19:37 +00:00			`* @param $ip String`
*Document some older functions 2007-04-23 18:06:37 +00:00			`* @return bool`
			`*/`
* Added temporary special-case AOL proxy detection, they're automatically counted as trusted proxies for now. * Removed wfRangeStartEnd() and wfIsAddressInRange() -- avoid proliferation of global functions. 2006-11-25 16:24:44 +00:00			`function wfIsTrustedProxy( $ip ) {`
			`global $wgSquidServers, $wgSquidServersNoPurge;`

Type hinting Braces Remove extra whitespace 2011-04-25 21:25:45 +00:00			`$trusted = in_array( $ip, $wgSquidServers ) \|\|`
			`in_array( $ip, $wgSquidServersNoPurge );`
* Added temporary special-case AOL proxy detection, they're automatically counted as trusted proxies for now. * Removed wfRangeStartEnd() and wfIsAddressInRange() -- avoid proliferation of global functions. 2006-11-25 16:24:44 +00:00			`wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) );`
			`return $trusted;`
			`}`

Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`/**`
			`* Forks processes to scan the originating IP for an open proxy server`
			`* MemCached can be used to skip IPs that have already been scanned`
			`*/`
			`function wfProxyCheck() {`
			`global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;`
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`global $wgMemc, $wgProxyMemcExpiry, $wgRequest;`
Reverting r40323, as per comments on wikitech-l. Deprecated doesn't mean removed. It doesn't even mean it'll be removed in the future. It just means you shouldn't use it. 2008-09-03 02:28:41 +00:00			`global $wgProxyKey;`
* s~\t+$~~ 2006-01-07 13:31:29 +00:00
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`if ( !$wgBlockOpenProxies ) {`
			`return;`
			`}`
Deferred initialisation of $wgIP, because it's potentially slow, especially if and when we add the 200 NTL proxies to the trusted XFF list. I was hoping to avoid initialisation altogether for anonymous page views, but that turns out to be difficult because of user_newtalk. It is, however, avoided for action=raw. Tested page view, newtalk, IP registration in history and recentchanges, IP block, autoblock and Special:Version. Also moved the old proxy scan code from EditPage.php to a more appropriate location in ProxyTools.php. 2005-09-05 02:22:20 +00:00
Moved wfGetIP() to WebRequest::getIP(): * Changed all calls in core to the latter * Also marked wfGetForwardedFor() as deprecated * Moved wfGetIP() tests to WebRequestTest 2011-08-18 20:03:30 +00:00			`$ip = $wgRequest->getIP();`
Use AutoLoader to load classes: * remove require_once() throughout whole code, yet left in few places * move global functions in HttpUtils, ProxyTools, Credits to class methods * php5 only: __autoload() now used, combined with class->file map and require() * move initialization of $wgValidSkinNames to Skin::getSkinNames() * few more changes that will surely break stuff. 2006-06-01 07:22:49 +00:00
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`# Get MemCached key`
* Update docs/memcached.txt * Kill call to $wgUseMemCached in includes/ProxyTools.php 2008-03-01 15:08:49 +00:00			`$mcKey = wfMemcKey( 'proxy', 'ip', $ip );`
			`$mcValue = $wgMemc->get( $mcKey );`
			`$skip = (bool)$mcValue;`
Deferred initialisation of $wgIP, because it's potentially slow, especially if and when we add the 200 NTL proxies to the trusted XFF list. I was hoping to avoid initialisation altogether for anonymous page views, but that turns out to be difficult because of user_newtalk. It is, however, avoided for action=raw. Tested page view, newtalk, IP registration in history and recentchanges, IP block, autoblock and Special:Version. Also moved the old proxy scan code from EditPage.php to a more appropriate location in ProxyTools.php. 2005-09-05 02:22:20 +00:00
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`# Fork the processes`
			`if ( !$skip ) {`
* Made special page names case-insensitive and localisable. Care has been taken to maintain backwards compatibility. * Used special page subpages in a few more places, instead of query parameters 2006-10-30 06:25:31 +00:00			`$title = SpecialPage::getTitleFor( 'Blockme' );`
Reverting r40323, as per comments on wikitech-l. Deprecated doesn't mean removed. It doesn't even mean it'll be removed in the future. It just means you shouldn't use it. 2008-09-03 02:28:41 +00:00			`$iphash = md5( $ip . $wgProxyKey );`
Expand some more URLs: for feeds, referers and the proxy script 2011-08-19 17:31:40 +00:00			`$url = wfExpandUrl( $title->getFullURL( 'ip='.$iphash ), PROTO_HTTP );`
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00
			`foreach ( $wgProxyPorts as $port ) {`
			`$params = implode( ' ', array(`
			`escapeshellarg( $wgProxyScriptPath ),`
			`escapeshellarg( $ip ),`
			`escapeshellarg( $port ),`
			`escapeshellarg( $url )`
			`));`
Followup to r52671, fix redirection syntax to work with windows as well. 2009-08-25 15:47:46 +00:00			`exec( "php $params >" . wfGetNull() . " 2>&1 &" );`
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`}`
			`# Set MemCached key`
* Update docs/memcached.txt * Kill call to $wgUseMemCached in includes/ProxyTools.php 2008-03-01 15:08:49 +00:00			`$wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );`
Faster IP blocks. Requires schema change. 2005-12-01 10:37:47 +00:00			`}`
Revert to r14512; domas introduced massive breakage with incomplete experimental changes. They will be recommitted when they work. :) 2006-06-01 08:19:02 +00:00			`}`