[wikka-community] few feature idea / improvement suggestion's
morten hundevad
fannoj
Sat Sep 26 11:44:09 GMT 2009
Hi all
I am new to wikka, but i working with integration in to joomla
1# right now the you can see the results here:
http://joomla.fanno.dk/universal-wikka/HomePage right now you see the host
as "Your hostname is ws38.surf-town.net" because that i am using curl to
integrate wikka in to joomla. my idea is to fix this by adding support for
using the X-Forwarded-For header allowing me to send the users ip adress
throw to wikka via the X-Forwarded-For header, however one might want to add
in the config a list of trusted hosts so that wikka will only trust the
X-Forwarded-For if it comes from certen ip adress (in this case it self)
below i post the "main functions in mediawiki that allow for the same
feature.
#2 i have problem with curl login because the username in the login form is
missing the type="text" any change this could be added ? as it is causing
headacke for oure curl login class because using size="#" don't seem to
cause some problems on our end.
------------------------------------------------------ code start
------------------------------------------------------
/**
* Extracts the XFF string from the request header
* Checks first for "X-Forwarded-For", then "Client-ip"
* Note: headers are spoofable
* @return string
*/
function wfGetForwardedFor() {
if( function_exists( 'apache_request_headers' ) ) {
// More reliable than $_SERVER due to case and -/_ folding
$set = array ();
foreach ( apache_request_headers() as $tempName => $tempValue ) {
$set[ strtoupper( $tempName ) ] = $tempValue;
}
$index = strtoupper ( 'X-Forwarded-For' );
$index2 = strtoupper ( 'Client-ip' );
} else {
// Subject to spoofing with headers like X_Forwarded_For
$set = $_SERVER;
$index = 'HTTP_X_FORWARDED_FOR';
$index2 = 'CLIENT-IP';
}
#Try a couple of headers
if( isset( $set[$index] ) ) {
return $set[$index];
} else if( isset( $set[$index2] ) ) {
return $set[$index2];
} else {
return null;
}
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
* @return string
*/
function wfGetIP() {
global $wgIP, $wgUsePrivateIPs;
# Return cached result
if ( !empty( $wgIP ) ) {
return $wgIP;
}
/* collect the originating ips */
# Client connecting to this webserver
if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
$ipchain = array( IP::canonicalize( $_SERVER['REMOTE_ADDR'] ) );
} else {
# Running on CLI?
$ipchain = array( '127.0.0.1' );
}
$ip = $ipchain[0];
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if ( isset( $forwardedFor ) ) {
$xff = array_map( 'trim', explode( ',', $forwardedFor ) );
$xff = array_reverse( $xff );
$ipchain = array_merge( $ipchain, $xff );
}
# Step through XFF list and find the last address in the list which is a
trusted server
# Set $ip to the IP address given by that trusted server, unless the
address is not sensible (e.g. private)
foreach ( $ipchain as $i => $curIP ) {
$curIP = IP::canonicalize( $curIP );
if ( wfIsTrustedProxy( $curIP ) ) {
if ( isset( $ipchain[$i + 1] ) ) {
if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) )
{
$ip = $ipchain[$i + 1];
}
}
} else {
break;
}
}
wfDebug( "IP: $ip\n" );
$wgIP = $ip;
return $ip;
}
/**
* Checks if an IP is a trusted proxy providor
* Useful to tell if X-Fowarded-For data is possibly bogus
* Squid cache servers for the site and AOL are whitelisted
* @param string $ip
* @return bool
*/
function wfIsTrustedProxy( $ip ) {
global $wgSquidServers, $wgSquidServersNoPurge;
if ( in_array( $ip, $wgSquidServers ) ||
in_array( $ip, $wgSquidServersNoPurge )
) {
$trusted = true;
} else {
$trusted = false;
}
wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) );
return $trusted;
}
------------------------------------------------------ code end
------------------------------------------------------
-Thanks for listening/reading along
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.wikkawiki.org/pipermail/community_wikkawiki.org/attachments/20090926/1196b25b/attachment.html>
More information about the community
mailing list