Changeset 808


Timestamp:
Mar 2, 2024 10:31:51 PM (2 months ago)
Author:
anonymous
Message:

Add removeURLTrackingParameters() function. Minor fixes.

File:
1 edited

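--- a/trunk/lib/Utilities.inc.php
+++ b/trunk/lib/Utilities.inc.php
@@ -499,4 +499,5 @@
  * @param   int     $len    Maximum string length.
  * @param   string  $where  Where to cut the string. One of: 'start', 'middle', or 'end'.
+ * @param   string  $delim  The delimiter to print where content is truncated.
  * @return  string          Truncated output string.
  * @author  Quinn Comendant <quinn@strangecode.com>
@@ -1481,6 +1482,6 @@
 * Returns the remote IP address, taking into consideration proxy servers.
 *
-* If strict checking is enabled, we will only trust REMOTE_ADDR or an HTTP header
-* value if REMOTE_ADDR is a trusted proxy (configured as an array in $cfg['trusted_proxies']).
+* If strict checking is enabled, we will only trust REMOTE_ADDR or an HTTP header value if
+* REMOTE_ADDR is a trusted proxy (configured as an array via $app->setParam(['trusted_proxies' => ['1.2.3.4', '5.6.7.8']]).
 *
 * @access   public
@@ -1496,5 +1497,5 @@
 function getRemoteAddr($dolookup=false, $trust_all_proxies=true)
 {
-    global $cfg;
+    $app =& App::getInstance();
 
     if (!isset($_SERVER['REMOTE_ADDR'])) {
@@ -1503,7 +1504,8 @@
     }
 
-    // Use an HTTP header value only if $trust_all_proxies is true or when REMOTE_ADDR is in our $cfg['trusted_proxies'] array.
-    // $cfg['trusted_proxies'] is an array of proxy server addresses we expect to see in REMOTE_ADDR.
-    if ($trust_all_proxies || isset($cfg['trusted_proxies']) && is_array($cfg['trusted_proxies']) && in_array($_SERVER['REMOTE_ADDR'], $cfg['trusted_proxies'], true)) {
+    // Use an HTTP header value only if $trust_all_proxies is true or when REMOTE_ADDR is in our $trusted_proxies array.
+    // $trusted_proxies is an array of proxy server addresses we expect to see in REMOTE_ADDR.
+    $trusted_proxies = $app->getParam('trusted_proxies', []);
+    if ($trust_all_proxies || is_array($trusted_proxies) && in_array($_SERVER['REMOTE_ADDR'], $trusted_proxies, true)) {
         // Then it's probably safe to use an IP address value set in an HTTP header.
         // Loop through possible IP address headers from those most likely to contain the correct value first.
@@ -1512,11 +1514,11 @@
         // HTTP_CF_CONNECTING_IP: set by Cloudflare proxy
         // HTTP_X_FORWARDED_FOR: defacto standard for web proxies
-        foreach (array('HTTP_CLIENT_IP', 'HTTP_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key) {
-            // Loop through and if
-            if (array_key_exists($key, $_SERVER)) {
+        foreach (['HTTP_CLIENT_IP', 'HTTP_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED'] as $key) {
+            if (isset($_SERVER[$key]) && '' != $_SERVER[$key]) {
                 foreach (explode(',', $_SERVER[$key]) as $addr) {
                     // Strip non-address data to avoid "PHP Warning:  inet_pton(): Unrecognized address for=189.211.197.173 in ./Utilities.inc.php on line 1293"
                     $addr = preg_replace('/[^=]=/', '', $addr);
                     $addr = canonicalIPAddr(trim($addr));
+                    // Exclude invalid, private, or reserved IP addresses (a proxy server may be using a private IP).
                     if (false !== filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                         return $dolookup && '' != $addr ? gethostbyaddr($addr) : $addr;
@@ -1528,5 +1530,5 @@
 
     $addr = canonicalIPAddr(trim($_SERVER['REMOTE_ADDR']));
-    if (false !== filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+    if (false !== filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_IPV4)) {
         return $dolookup && '' != $addr ? gethostbyaddr($addr) : $addr;
     }
@@ -1671,8 +1673,46 @@
         (isset($u['scheme'])    && '' != $u['scheme']   ? $u['scheme'] . '://' : ''),
         (isset($u['host'])      && '' != $u['host']     ? $u['host']           : ''),
-        (isset($u['path'])      && '' != $u['path']     ? $u['path']           : '/'),
+        (isset($u['path'])      && '' != $u['path']     ? $u['path']           : ''),
         (isset($u['query'])     && '' != $u['query']    ? '?' . $u['query']    : ''),
         (isset($u['fragment'])  && '' != $u['fragment'] ? '#' . $u['fragment'] : '')
     );
+}
+
+/*
+* Strip tracking query parameters from a URL.
+*
+* @access   public
+* @param string $url                URL which may contain query parameters.
+* @param mixed  $tracking_params    An array of tracking parameters to remove, or null to use a default set.
+* @return string The URL with query params removed.
+* @author   Quinn Comendant <quinn@strangecode.com>
+* @since    02 Mar 2024 16:11:27
+*/
+function removeURLTrackingParameters($url, $tracking_params=null)
+{
+    // Use a default set of tracking params if not specified.
+    $tracking_params = isset($tracking_params) ? $tracking_params : [
+        'utm_source', 'utm_medium', 'utm_campaign', 'utm_term', 'utm_content', 'utm_id', 'utm_source_platform', 'utm_marketing_tactic', 'utm_creative_format',
+        'gclid', 'gbraid', 'wbraid', 'dclid', 'fbclid', 'msclkid', 'awc', 'pclk', 'mc_eid', 'twclid', 'igshid',
+    ];
+
+    $u = parse_url($url);
+    if (isset($u['query']) && '' != $u['query']) {
+        parse_str($u['query'], $params);
+        foreach ($tracking_params as $p) {
+            unset($params[$p]);
+        }
+        $u['query'] = http_build_query($params);
+
+        return sprintf('%s%s%s%s%s',
+            (isset($u['scheme'])    && '' != $u['scheme']   ? $u['scheme'] . '://' : ''),
+            (isset($u['host'])      && '' != $u['host']     ? $u['host']           : ''),
+            (isset($u['path'])      && '' != $u['path']     ? $u['path']           : ''),
+            (isset($u['query'])     && '' != $u['query']    ? '?' . $u['query']    : ''),
+            (isset($u['fragment'])  && '' != $u['fragment'] ? '#' . $u['fragment'] : '')
+        );
+    }
+
+    return $url;
 }
 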
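Review bot: The rewritten condition at new line 1509 still short-circuits on `$trust_all_proxies`, which defaults to `true` in the signature, so with default arguments the new `trusted_proxies` parameter is never consulted and the address is taken from request headers such as `Client-IP` and `X-Forwarded-For` that any client can set. Even when REMOTE_ADDR is a listed proxy, the inner loop returns the first public entry of a comma-separated header, and the leftmost entries are the ones supplied by the client rather than appended by the proxy. The result is therefore not suitable for access control, rate limiting or audit records unless callers pass `false`, and the docblock touched by this commit should say so, for example `* With the default $trust_all_proxies=true the returned address comes from client-supplied headers and can be forged; pass false when the value feeds a security decision.` Parts of getRemoteAddr lie between the displayed hunks, so this is based on the visible lines only.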