[wikka-community] few feature idea / improvement suggestion's

morten hundevad fannoj
Sat Sep 26 11:44:09 GMT 2009 

Hi all

I am new to wikka, but i working with integration in to joomla

1# right now the you can see the results here:
http://joomla.fanno.dk/universal-wikka/HomePage right now you see the host
as "Your hostname is ws38.surf-town.net" because that i am using curl to
integrate wikka in to joomla. my idea is to fix this by adding support for
using the X-Forwarded-For header allowing me to send the users ip adress
throw to wikka via the X-Forwarded-For header, however one might want to add
in the config a list of trusted hosts so that wikka will only trust the
X-Forwarded-For if it comes from certen ip adress (in this case it self)
below i post the "main functions in mediawiki that allow for the same
feature.

#2 i have problem with curl login because the username in the login form is
missing the type="text" any change this could be added ? as it is causing
headacke for oure curl login class because using size="#" don't seem to
cause some problems on our end.


------------------------------------------------------ code start
------------------------------------------------------
/**
 * Extracts the XFF string from the request header
 * Checks first for "X-Forwarded-For", then "Client-ip"
 * Note: headers are spoofable
 * @return string
 */
function wfGetForwardedFor() {
    if( function_exists( 'apache_request_headers' ) ) {
        // More reliable than $_SERVER due to case and -/_ folding
        $set = array ();
        foreach ( apache_request_headers() as $tempName => $tempValue ) {
            $set[ strtoupper( $tempName ) ] = $tempValue;
        }
        $index = strtoupper ( 'X-Forwarded-For' );
        $index2 = strtoupper ( 'Client-ip' );
    } else {
        // Subject to spoofing with headers like X_Forwarded_For
        $set = $_SERVER;
        $index = 'HTTP_X_FORWARDED_FOR';
        $index2 = 'CLIENT-IP';
    }

    #Try a couple of headers
    if( isset( $set[$index] ) ) {
        return $set[$index];
    } else if( isset( $set[$index2] ) ) {
        return $set[$index2];
    } else {
        return null;
    }
}

/**
 * Work out the IP address based on various globals
 * For trusted proxies, use the XFF client IP (first of the chain)
 * @return string
 */
function wfGetIP() {
    global $wgIP, $wgUsePrivateIPs;

    # Return cached result
    if ( !empty( $wgIP ) ) {
        return $wgIP;
    }

    /* collect the originating ips */
    # Client connecting to this webserver
    if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
        $ipchain = array( IP::canonicalize( $_SERVER['REMOTE_ADDR'] ) );
    } else {
        # Running on CLI?
        $ipchain = array( '127.0.0.1' );
    }
    $ip = $ipchain[0];

    # Append XFF on to $ipchain
    $forwardedFor = wfGetForwardedFor();
    if ( isset( $forwardedFor ) ) {
        $xff = array_map( 'trim', explode( ',', $forwardedFor ) );
        $xff = array_reverse( $xff );
        $ipchain = array_merge( $ipchain, $xff );
    }

    # Step through XFF list and find the last address in the list which is a
trusted server
    # Set $ip to the IP address given by that trusted server, unless the
address is not sensible (e.g. private)
    foreach ( $ipchain as $i => $curIP ) {
        $curIP = IP::canonicalize( $curIP );
        if ( wfIsTrustedProxy( $curIP ) ) {
            if ( isset( $ipchain[$i + 1] ) ) {
                if( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) )
{
                    $ip = $ipchain[$i + 1];
                }
            }
        } else {
            break;
        }
    }

    wfDebug( "IP: $ip\n" );
    $wgIP = $ip;
    return $ip;
}

/**
 * Checks if an IP is a trusted proxy providor
 * Useful to tell if X-Fowarded-For data is possibly bogus
 * Squid cache servers for the site and AOL are whitelisted
 * @param string $ip
 * @return bool
 */
function wfIsTrustedProxy( $ip ) {
    global $wgSquidServers, $wgSquidServersNoPurge;

    if ( in_array( $ip, $wgSquidServers ) ||
        in_array( $ip, $wgSquidServersNoPurge )
    ) {
        $trusted = true;
    } else {
        $trusted = false;
    }
    wfRunHooks( 'IsTrustedProxy', array( &$ip, &$trusted ) );
    return $trusted;
}
------------------------------------------------------ code end
------------------------------------------------------


-Thanks for listening/reading along
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.wikkawiki.org/pipermail/community_wikkawiki.org/attachments/20090926/1196b25b/attachment.html>

More information about the community mailing list