Changeset 808
- Timestamp:
- Mar 2, 2024 10:31:51 PM (2 months ago)
- File:
-
- 1 edited
trunk/lib/Utilities.inc.php
r807 r808 499 499 * @param int $len Maximum string length. 500 500 * @param string $where Where to cut the string. One of: 'start', 'middle', or 'end'. 501 * @param string $delim The delimiter to print where content is truncated. 501 502 * @return string Truncated output string. 502 503 * @author Quinn Comendant <quinn@strangecode.com> … … 1481 1482 * Returns the remote IP address, taking into consideration proxy servers. 1482 1483 * 1483 * If strict checking is enabled, we will only trust REMOTE_ADDR or an HTTP header 1484 * value if REMOTE_ADDR is a trusted proxy (configured as an array in $cfg['trusted_proxies']).1484 * If strict checking is enabled, we will only trust REMOTE_ADDR or an HTTP header value if 1485 * REMOTE_ADDR is a trusted proxy (configured as an array via $app->setParam(['trusted_proxies' => ['1.2.3.4', '5.6.7.8']]). 1485 1486 * 1486 1487 * @access public … … 1496 1497 function getRemoteAddr($dolookup=false, $trust_all_proxies=true) 1497 1498 { 1498 global $cfg;1499 $app =& App::getInstance(); 1499 1500 1500 1501 if (!isset($_SERVER['REMOTE_ADDR'])) { … … 1503 1504 } 1504 1505 1505 // Use an HTTP header value only if $trust_all_proxies is true or when REMOTE_ADDR is in our $cfg['trusted_proxies'] array. 1506 // $cfg['trusted_proxies'] is an array of proxy server addresses we expect to see in REMOTE_ADDR. 1507 if ($trust_all_proxies || isset($cfg['trusted_proxies']) && is_array($cfg['trusted_proxies']) && in_array($_SERVER['REMOTE_ADDR'], $cfg['trusted_proxies'], true)) { 1506 // Use an HTTP header value only if $trust_all_proxies is true or when REMOTE_ADDR is in our $trusted_proxies array. 1507 // $trusted_proxies is an array of proxy server addresses we expect to see in REMOTE_ADDR. 
1508 $trusted_proxies = $app->getParam('trusted_proxies', []); 1509 if ($trust_all_proxies || is_array($trusted_proxies) && in_array($_SERVER['REMOTE_ADDR'], $trusted_proxies, true)) { 1508 1510 // Then it's probably safe to use an IP address value set in an HTTP header. 1509 1511 // Loop through possible IP address headers from those most likely to contain the correct value first. … … 1512 1514 // HTTP_CF_CONNECTING_IP: set by Cloudflare proxy 1513 1515 // HTTP_X_FORWARDED_FOR: defacto standard for web proxies 1514 foreach (array('HTTP_CLIENT_IP', 'HTTP_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key) { 1515 // Loop through and if 1516 if (array_key_exists($key, $_SERVER)) { 1516 foreach (['HTTP_CLIENT_IP', 'HTTP_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED'] as $key) { 1517 if (isset($_SERVER[$key]) && '' != $_SERVER[$key]) { 1517 1518 foreach (explode(',', $_SERVER[$key]) as $addr) { 1518 1519 // Strip non-address data to avoid "PHP Warning: inet_pton(): Unrecognized address for=189.211.197.173 in ./Utilities.inc.php on line 1293" 1519 1520 $addr = preg_replace('/[^=]=/', '', $addr); 1520 1521 $addr = canonicalIPAddr(trim($addr)); 1522 // Exclude invalid, private, or reserved IP addresses (a proxy server may be using a private IP). 1521 1523 if (false !== filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { 1522 1524 return $dolookup && '' != $addr ? 
gethostbyaddr($addr) : $addr; … … 1528 1530 1529 1531 $addr = canonicalIPAddr(trim($_SERVER['REMOTE_ADDR'])); 1530 if (false !== filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {1532 if (false !== filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_IPV4)) { 1531 1533 return $dolookup && '' != $addr ? gethostbyaddr($addr) : $addr; 1532 1534 } … … 1671 1673 (isset($u['scheme']) && '' != $u['scheme'] ? $u['scheme'] . '://' : ''), 1672 1674 (isset($u['host']) && '' != $u['host'] ? $u['host'] : ''), 1673 (isset($u['path']) && '' != $u['path'] ? $u['path'] : ' /'),1675 (isset($u['path']) && '' != $u['path'] ? $u['path'] : ''), 1674 1676 (isset($u['query']) && '' != $u['query'] ? '?' . $u['query'] : ''), 1675 1677 (isset($u['fragment']) && '' != $u['fragment'] ? '#' . $u['fragment'] : '') 1676 1678 ); 1679 } 1680 1681 /* 1682 * Strip tracking query parameters from a URL. 1683 * 1684 * @access public 1685 * @param string $url URL which may contain query parameters. 1686 * @param mixed $tracking_params An array of tracking parameters to remove, or null to use a default set. 1687 * @return string The URL with query params removed. 1688 * @author Quinn Comendant <quinn@strangecode.com> 1689 * @since 02 Mar 2024 16:11:27 1690 */ 1691 function removeURLTrackingParameters($url, $tracking_params=null) 1692 { 1693 // Use a default set of tracking params if not specified. 1694 $tracking_params = isset($tracking_params) ? 
$tracking_params : [ 1695 'utm_source', 'utm_medium', 'utm_campaign', 'utm_term', 'utm_content', 'utm_id', 'utm_source_platform', 'utm_marketing_tactic', 'utm_creative_format', 1696 'gclid', 'gbraid', 'wbraid', 'dclid', 'fbclid', 'msclkid', 'awc', 'pclk', 'mc_eid', 'twclid', 'igshid', 1697 ]; 1698 1699 $u = parse_url($url); 1700 if (isset($u['query']) && '' != $u['query']) { 1701 parse_str($u['query'], $params); 1702 foreach ($tracking_params as $p) { 1703 unset($params[$p]); 1704 } 1705 $u['query'] = http_build_query($params); 1706 1707 return sprintf('%s%s%s%s%s', 1708 (isset($u['scheme']) && '' != $u['scheme'] ? $u['scheme'] . '://' : ''), 1709 (isset($u['host']) && '' != $u['host'] ? $u['host'] : ''), 1710 (isset($u['path']) && '' != $u['path'] ? $u['path'] : ''), 1711 (isset($u['query']) && '' != $u['query'] ? '?' . $u['query'] : ''), 1712 (isset($u['fragment']) && '' != $u['fragment'] ? '#' . $u['fragment'] : '') 1713 ); 1714 } 1715 1716 return $url; 1677 1717 } 1678 1718
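Review bot: The trusted-proxy check at new line 1509 is short-circuited by the `$trust_all_proxies=true` default in the signature, so unless every caller passes `false` the `trusted_proxies` parameter is never consulted and any client-supplied `Client-IP` or `X-Forwarded-For` header decides the returned address. Even in strict mode the inner loop returns the first valid public entry of the comma-separated list, which is the leftmost and therefore the client-controlled one whenever the proxy appends to an existing header rather than replacing it. If the result feeds rate limiting, audit logs or access rules, consider defaulting to `$trust_all_proxies=false` and reading the list from the right while skipping entries found in `$trusted_proxies`, e.g. `foreach (array_reverse(explode(',', $_SERVER[$key])) as $addr) {`. The body of getRemoteAddr continues outside the visible hunks, so the remaining header handling could not be checked here.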