nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Define headers which to trust in configuration, thanks for help with this to Christian Schmidt, Peytz & Co.

Browse Source
This commit is contained in:
Michal Čihař
2006-11-18 12:59:37 +00:00
parent 74d1c7de63
commit 308043b032
3 changed files with 26 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -5,6 +5,11 @@ phpMyAdmin - ChangeLog
$Id$ $Id$
$Source$ $Source$
2006-11-18 Michal Čihař <michal@cihar.com>
* Documentation.html, libraries/ip_allow_deny.lib.php: Define headers
which to trust in configuration, thanks for help with this to Christian
Schmidt, Peytz & Co.
2006-11-18 Marc Delisle <lem9@users.sourceforge.net> 2006-11-18 Marc Delisle <lem9@users.sourceforge.net>
* index.php, libraries/common.lib.php: undefined index * index.php, libraries/common.lib.php: undefined index

11
Documentation.html
View File

@@ -1404,10 +1404,17 @@ ALTER TABLE `pma_column_comments`
frequently use some of these move them to the top.</dd> frequently use some of these move them to the top.</dd>
<dt id="cfg_TrustedProxies">$cfg['TrustedProxies'] array</dt> <dt id="cfg_TrustedProxies">$cfg['TrustedProxies'] array</dt>
<dd>Lists proxies which are trusted for <a <dd>Lists proxies and HTTP headers which are trusted for <a
href="#servers_allowdeny_order">IP Allow/Deny</a>. This list is by href="#servers_allowdeny_order">IP Allow/Deny</a>. This list is by
default empty, you need to fill in some trusted proxy servers if you default empty, you need to fill in some trusted proxy servers if you
want to use rules for IP addresses behind proxy. want to use rules for IP addresses behind proxy.<br /><br />
Following example enables use of X-Forwarded-For header for proxy
1.2.3.4 and Coming-From header from 5.6.7.8:
<pre>
$cfg['TrustedProxyVariables'] =
array('1.2.3.4' =&gt; 'HTTP_X_FORWARDED_FOR',
'5.6.7.8' =&gt; 'HTTP_COMING_FROM');
</pre>
</dd> </dd>
<dt id="cfg_GD2Available">$cfg['GD2Available'] string</dt> <dt id="cfg_GD2Available">$cfg['GD2Available'] string</dt>

74
libraries/ip_allow_deny.lib.php
View File

@@ -17,76 +17,26 @@
*/ */
function PMA_getIp() function PMA_getIp()
{ {
global $REMOTE_ADDR; /* Get the address of user */
global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED; if (!empty($_SERVER['REMOTE_ADDR'])) {
global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM; $direct_ip = $_SERVER['REMOTE_ADDR'];
// Get some server/environment variables values
if (empty($REMOTE_ADDR) && PMA_getenv('REMOTE_ADDR')) {
$REMOTE_ADDR = PMA_getenv('REMOTE_ADDR');
}
if (empty($HTTP_X_FORWARDED_FOR) && PMA_getenv('HTTP_X_FORWARDED_FOR')) {
$HTTP_X_FORWARDED_FOR = PMA_getenv('HTTP_X_FORWARDED_FOR');
}
if (empty($HTTP_X_FORWARDED) && PMA_getenv('HTTP_X_FORWARDED')) {
$HTTP_X_FORWARDED = PMA_getenv('HTTP_X_FORWARDED');
}
if (empty($HTTP_FORWARDED_FOR) && PMA_getenv('HTTP_FORWARDED_FOR')) {
$HTTP_FORWARDED_FOR = PMA_getenv('HTTP_FORWARDED_FOR');
}
if (empty($HTTP_FORWARDED) && PMA_getenv('HTTP_FORWARDED')) {
$HTTP_FORWARDED = PMA_getenv('HTTP_FORWARDED');
}
if (empty($HTTP_VIA) && PMA_getenv('HTTP_VIA')) {
$HTTP_VIA = PMA_getenv('HTTP_VIA');
}
if (empty($HTTP_X_COMING_FROM) && PMA_getenv('HTTP_X_COMING_FROM')) {
$HTTP_X_COMING_FROM = PMA_getenv('HTTP_X_COMING_FROM');
}
if (empty($HTTP_COMING_FROM) && PMA_getenv('HTTP_COMING_FROM')) {
$HTTP_COMING_FROM = PMA_getenv('HTTP_COMING_FROM');
}
// Gets the default ip sent by the user
if (!empty($REMOTE_ADDR)) {
$direct_ip = $REMOTE_ADDR;
} else { } else {
$direct_ip = ''; /* We do not know remote IP */
return false;
} }
// Gets the proxy ip sent by the user /* Do we trust this IP as a proxy? If yes we will use it's header. */
$proxy_ip = ''; if (isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) {
if (!empty($HTTP_X_FORWARDED_FOR)) { $proxy_ip = PMA_getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]);
$proxy_ip = $HTTP_X_FORWARDED_FOR;
} elseif (!empty($HTTP_X_FORWARDED)) {
$proxy_ip = $HTTP_X_FORWARDED;
} elseif (!empty($HTTP_FORWARDED_FOR)) {
$proxy_ip = $HTTP_FORWARDED_FOR;
} elseif (!empty($HTTP_FORWARDED)) {
$proxy_ip = $HTTP_FORWARDED;
} elseif (!empty($HTTP_VIA)) {
$proxy_ip = $HTTP_VIA;
} elseif (!empty($HTTP_X_COMING_FROM)) {
$proxy_ip = $HTTP_X_COMING_FROM;
} elseif (!empty($HTTP_COMING_FROM)) {
$proxy_ip = $HTTP_COMING_FROM;
} // end if... elseif...
// Returns the true IP if it has been found, else false
if (empty($proxy_ip) || !in_array($direct_ip, $GLOBALS['cfg']['TrustedProxies'])) {
// True IP without proxy
return $direct_ip;
} else {
$is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs); $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs);
if ($is_ip && (count($regs) > 0)) { if ($is_ip && (count($regs) > 0)) {
// True IP behind a proxy // True IP behind a proxy
return $regs[0]; return $regs[0];
} else {
// Can't define IP: there is a proxy but we don't have
// information about the true IP
return false;
} }
} // end if... else... }
/* Return true IP */
return $direct_ip;
} // end of the 'PMA_getIp()' function } // end of the 'PMA_getIp()' function