Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
91.67% |
11 / 12 |
|
100.00% |
3 / 3 |
CRAP | |
100.00% |
1 / 1 |
| ProxyLookup | |
100.00% |
11 / 11 |
|
100.00% |
3 / 3 |
5 | |
100.00% |
1 / 1 |
| __construct | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
| isConfiguredProxy | |
100.00% |
5 / 5 |
|
100.00% |
1 / 1 |
3 | |||
| isTrustedProxy | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * This program is free software; you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU General Public License as published by |
| 6 | * the Free Software Foundation; either version 2 of the License, or |
| 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License along |
| 15 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | * http://www.gnu.org/copyleft/gpl.html |
| 18 | * |
| 19 | * @file |
| 20 | */ |
| 21 | |
| 22 | namespace MediaWiki\Request; |
| 23 | |
| 24 | use MediaWiki\HookContainer\HookContainer; |
| 25 | use MediaWiki\HookContainer\HookRunner; |
| 26 | use Wikimedia\IPSet; |
| 27 | |
| 28 | /** |
| 29 | * @since 1.28 |
| 30 | */ |
| 31 | class ProxyLookup { |
| 32 | |
| 33 | /** @var string[] */ |
| 34 | private $proxyServers; |
| 35 | |
| 36 | /** @var string[] */ |
| 37 | private $proxyServersComplex; |
| 38 | |
| 39 | /** @var IPSet|null */ |
| 40 | private $proxyIPSet; |
| 41 | |
| 42 | /** @var HookRunner */ |
| 43 | private $hookRunner; |
| 44 | |
| 45 | /** |
| 46 | * @param string[] $proxyServers Simple list of IPs |
| 47 | * @param string[] $proxyServersComplex Complex list of IPs/ranges |
| 48 | * @param HookContainer $hookContainer |
| 49 | */ |
| 50 | public function __construct( |
| 51 | $proxyServers, |
| 52 | $proxyServersComplex, |
| 53 | HookContainer $hookContainer |
| 54 | ) { |
| 55 | $this->proxyServers = $proxyServers; |
| 56 | $this->proxyServersComplex = $proxyServersComplex; |
| 57 | $this->hookRunner = new HookRunner( $hookContainer ); |
| 58 | } |
| 59 | |
| 60 | /** |
| 61 | * Checks if an IP matches a proxy we've configured |
| 62 | * |
| 63 | * @param string $ip |
| 64 | * @return bool |
| 65 | */ |
| 66 | public function isConfiguredProxy( $ip ) { |
| 67 | // Quick check of known singular proxy servers |
| 68 | if ( in_array( $ip, $this->proxyServers, true ) ) { |
| 69 | return true; |
| 70 | } |
| 71 | |
| 72 | // Check against addresses and CIDR nets in the complex list |
| 73 | if ( !$this->proxyIPSet ) { |
| 74 | $this->proxyIPSet = new IPSet( $this->proxyServersComplex ); |
| 75 | } |
| 76 | return $this->proxyIPSet->match( $ip ); |
| 77 | } |
| 78 | |
| 79 | /** |
| 80 | * Checks if an IP is a trusted proxy provider. |
| 81 | * Useful to tell if X-Forwarded-For data is possibly bogus. |
| 82 | * CDN cache servers for the site are allowed. |
| 83 | * |
| 84 | * @param string $ip |
| 85 | * @return bool |
| 86 | */ |
| 87 | public function isTrustedProxy( $ip ) { |
| 88 | $trusted = $this->isConfiguredProxy( $ip ); |
| 89 | $this->hookRunner->onIsTrustedProxy( $ip, $trusted ); |
| 90 | return $trusted; |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | /** @deprecated class alias since 1.41 */ |
| 95 | class_alias( ProxyLookup::class, 'ProxyLookup' ); |