Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Ivan Ivlev
bugzilla
Commits
8d2b07ea
Commit
8d2b07ea
authored
Dec 31, 2009
by
mkanat%bugzilla.org
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
parent
1a4a843d
Show whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
33 additions
and
14 deletions
+33
-14
Cookie.pm
Bugzilla/Auth/Login/Cookie.pm
+1
-1
Cookie.pm
Bugzilla/Auth/Persist/Cookie.pm
+1
-1
Advanced.pm
Bugzilla/Config/Advanced.pm
+6
-0
Error.pm
Bugzilla/Error.pm
+1
-1
Token.pm
Bugzilla/Token.pm
+2
-2
User.pm
Bugzilla/User.pm
+3
-8
Util.pm
Bugzilla/Util.pm
+11
-1
advanced.html.tmpl
template/en/default/admin/params/advanced.html.tmpl
+8
-0
No files found.
Bugzilla/Auth/Login/Cookie.pm
View file @
8d2b07ea
...
@@ -35,7 +35,7 @@ sub get_login_info {
...
@@ -35,7 +35,7 @@ sub get_login_info {
my
$cgi
=
Bugzilla
->
cgi
;
my
$cgi
=
Bugzilla
->
cgi
;
my
$dbh
=
Bugzilla
->
dbh
;
my
$dbh
=
Bugzilla
->
dbh
;
my
$ip_addr
=
$cgi
->
remote_addr
();
my
$ip_addr
=
remote_ip
();
my
$login_cookie
=
$cgi
->
cookie
(
"Bugzilla_logincookie"
);
my
$login_cookie
=
$cgi
->
cookie
(
"Bugzilla_logincookie"
);
my
$user_id
=
$cgi
->
cookie
(
"Bugzilla_login"
);
my
$user_id
=
$cgi
->
cookie
(
"Bugzilla_login"
);
...
...
Bugzilla/Auth/Persist/Cookie.pm
View file @
8d2b07ea
...
@@ -52,7 +52,7 @@ sub persist_login {
...
@@ -52,7 +52,7 @@ sub persist_login {
my
$ip_addr
;
my
$ip_addr
;
if
(
$input_params
->
{
'Bugzilla_restrictlogin'
})
{
if
(
$input_params
->
{
'Bugzilla_restrictlogin'
})
{
$ip_addr
=
$cgi
->
remote_addr
;
$ip_addr
=
remote_ip
()
;
# The IP address is valid, at least for comparing with itself in a
# The IP address is valid, at least for comparing with itself in a
# subsequent login
# subsequent login
trick_taint
(
$ip_addr
);
trick_taint
(
$ip_addr
);
...
...
Bugzilla/Config/Advanced.pm
View file @
8d2b07ea
...
@@ -42,6 +42,12 @@ use constant get_param_list => (
...
@@ -42,6 +42,12 @@ use constant get_param_list => (
},
},
{
{
name
=>
'inbound_proxies'
,
type
=>
't'
,
default
=>
''
},
{
name
=>
'proxy_url'
,
name
=>
'proxy_url'
,
type
=>
't'
,
type
=>
't'
,
default
=>
''
default
=>
''
...
...
Bugzilla/Error.pm
View file @
8d2b07ea
...
@@ -64,7 +64,7 @@ sub _throw_error {
...
@@ -64,7 +64,7 @@ sub _throw_error {
for
(
1
..
75
)
{
$mesg
.=
"-"
;
};
for
(
1
..
75
)
{
$mesg
.=
"-"
;
};
$mesg
.=
"\n[$$] "
.
time2str
(
"%D %H:%M:%S "
,
time
());
$mesg
.=
"\n[$$] "
.
time2str
(
"%D %H:%M:%S "
,
time
());
$mesg
.=
"$name $error "
;
$mesg
.=
"$name $error "
;
$mesg
.=
"$ENV{REMOTE_ADDR} "
if
$ENV
{
REMOTE_ADDR
}
;
$mesg
.=
remote_ip
()
;
$mesg
.=
Bugzilla
->
user
->
login
;
$mesg
.=
Bugzilla
->
user
->
login
;
$mesg
.=
(
' actually '
.
Bugzilla
->
sudoer
->
login
)
if
Bugzilla
->
sudoer
;
$mesg
.=
(
' actually '
.
Bugzilla
->
sudoer
->
login
)
if
Bugzilla
->
sudoer
;
$mesg
.=
"\n"
;
$mesg
.=
"\n"
;
...
...
Bugzilla/Token.pm
View file @
8d2b07ea
...
@@ -142,7 +142,7 @@ sub IssuePasswordToken {
...
@@ -142,7 +142,7 @@ sub IssuePasswordToken {
ThrowUserError
(
'too_soon_for_new_token'
,
{
'type'
=>
'password'
})
if
$too_soon
;
ThrowUserError
(
'too_soon_for_new_token'
,
{
'type'
=>
'password'
})
if
$too_soon
;
my
(
$token
,
$token_ts
)
=
_create_token
(
$user
->
id
,
'password'
,
$::ENV
{
'REMOTE_ADDR'
}
);
my
(
$token
,
$token_ts
)
=
_create_token
(
$user
->
id
,
'password'
,
remote_ip
()
);
# Mail the user the token along with instructions for using it.
# Mail the user the token along with instructions for using it.
my
$template
=
Bugzilla
->
template_inner
(
$user
->
settings
->
{
'lang'
}
->
{
'value'
});
my
$template
=
Bugzilla
->
template_inner
(
$user
->
settings
->
{
'lang'
}
->
{
'value'
});
...
@@ -283,7 +283,7 @@ sub Cancel {
...
@@ -283,7 +283,7 @@ sub Cancel {
my
$user
=
new
Bugzilla::
User
(
$userid
);
my
$user
=
new
Bugzilla::
User
(
$userid
);
$vars
->
{
'emailaddress'
}
=
$userid
?
$user
->
email
:
$eventdata
;
$vars
->
{
'emailaddress'
}
=
$userid
?
$user
->
email
:
$eventdata
;
$vars
->
{
'remoteaddress'
}
=
$::ENV
{
'REMOTE_ADDR'
}
;
$vars
->
{
'remoteaddress'
}
=
remote_ip
()
;
$vars
->
{
'token'
}
=
$token
;
$vars
->
{
'token'
}
=
$token
;
$vars
->
{
'tokentype'
}
=
$tokentype
;
$vars
->
{
'tokentype'
}
=
$tokentype
;
$vars
->
{
'issuedate'
}
=
$issuedate
;
$vars
->
{
'issuedate'
}
=
$issuedate
;
...
...
Bugzilla/User.pm
View file @
8d2b07ea
...
@@ -65,11 +65,6 @@ use base qw(Bugzilla::Object Exporter);
...
@@ -65,11 +65,6 @@ use base qw(Bugzilla::Object Exporter);
# Constants
# Constants
#####################################################################
#####################################################################
# Used as the IP for authentication failures for password-lockout purposes
# when there is no IP (for example, if we're doing authentication from the
# command line for some reason).
use
constant
NO_IP
=>
'255.255.255.255'
;
use
constant
USER_MATCH_MULTIPLE
=>
-
1
;
use
constant
USER_MATCH_MULTIPLE
=>
-
1
;
use
constant
USER_MATCH_FAILED
=>
0
;
use
constant
USER_MATCH_FAILED
=>
0
;
use
constant
USER_MATCH_SUCCESS
=>
1
;
use
constant
USER_MATCH_SUCCESS
=>
1
;
...
@@ -1681,7 +1676,7 @@ sub account_is_locked_out {
...
@@ -1681,7 +1676,7 @@ sub account_is_locked_out {
sub
note_login_failure
{
sub
note_login_failure
{
my
$self
=
shift
;
my
$self
=
shift
;
my
$ip_addr
=
Bugzilla
->
cgi
->
remote_addr
||
NO_IP
;
my
$ip_addr
=
remote_ip
()
;
trick_taint
(
$ip_addr
);
trick_taint
(
$ip_addr
);
Bugzilla
->
dbh
->
do
(
"INSERT INTO login_failure (user_id, ip_addr, login_time)
Bugzilla
->
dbh
->
do
(
"INSERT INTO login_failure (user_id, ip_addr, login_time)
VALUES (?, ?, LOCALTIMESTAMP(0))"
,
VALUES (?, ?, LOCALTIMESTAMP(0))"
,
...
@@ -1691,7 +1686,7 @@ sub note_login_failure {
...
@@ -1691,7 +1686,7 @@ sub note_login_failure {
sub
clear_login_failures
{
sub
clear_login_failures
{
my
$self
=
shift
;
my
$self
=
shift
;
my
$ip_addr
=
Bugzilla
->
cgi
->
remote_addr
||
NO_IP
;
my
$ip_addr
=
remote_ip
()
;
trick_taint
(
$ip_addr
);
trick_taint
(
$ip_addr
);
Bugzilla
->
dbh
->
do
(
Bugzilla
->
dbh
->
do
(
'DELETE FROM login_failure WHERE user_id = ? AND ip_addr = ?'
,
'DELETE FROM login_failure WHERE user_id = ? AND ip_addr = ?'
,
...
@@ -1703,7 +1698,7 @@ sub account_ip_login_failures {
...
@@ -1703,7 +1698,7 @@ sub account_ip_login_failures {
my
$self
=
shift
;
my
$self
=
shift
;
my
$dbh
=
Bugzilla
->
dbh
;
my
$dbh
=
Bugzilla
->
dbh
;
my
$time
=
$dbh
->
sql_interval
(
LOGIN_LOCKOUT_INTERVAL
,
'MINUTE'
);
my
$time
=
$dbh
->
sql_interval
(
LOGIN_LOCKOUT_INTERVAL
,
'MINUTE'
);
my
$ip_addr
=
Bugzilla
->
cgi
->
remote_addr
||
NO_IP
;
my
$ip_addr
=
remote_ip
()
;
trick_taint
(
$ip_addr
);
trick_taint
(
$ip_addr
);
$self
->
{
account_ip_login_failures
}
||=
Bugzilla
->
dbh
->
selectall_arrayref
(
$self
->
{
account_ip_login_failures
}
||=
Bugzilla
->
dbh
->
selectall_arrayref
(
"SELECT login_time, ip_addr, user_id FROM login_failure
"SELECT login_time, ip_addr, user_id FROM login_failure
...
...
Bugzilla/Util.pm
View file @
8d2b07ea
...
@@ -35,7 +35,7 @@ use base qw(Exporter);
...
@@ -35,7 +35,7 @@ use base qw(Exporter);
detaint_signed
detaint_signed
html_quote url_quote xml_quote
html_quote url_quote xml_quote
css_class_quote html_light_quote url_decode
css_class_quote html_light_quote url_decode
i_am_cgi correct_urlbase
i_am_cgi correct_urlbase
remote_ip
lsearch do_ssl_redirect_if_required use_attachbase
lsearch do_ssl_redirect_if_required use_attachbase
diff_arrays
diff_arrays
trim wrap_hard wrap_comment find_wrap_point
trim wrap_hard wrap_comment find_wrap_point
...
@@ -54,6 +54,7 @@ use DateTime;
...
@@ -54,6 +54,7 @@ use DateTime;
use
DateTime::
TimeZone
;
use
DateTime::
TimeZone
;
use
Digest
;
use
Digest
;
use
Email::
Address
;
use
Email::
Address
;
use
List::
Util
qw(first)
;
use
Scalar::
Util
qw(tainted)
;
use
Scalar::
Util
qw(tainted)
;
use
Template::
Filters
;
use
Template::
Filters
;
use
Text::
Wrap
;
use
Text::
Wrap
;
...
@@ -289,6 +290,15 @@ sub correct_urlbase {
...
@@ -289,6 +290,15 @@ sub correct_urlbase {
}
}
}
}
sub
remote_ip
{
my
$ip
=
$ENV
{
'REMOTE_ADDR'
}
||
'127.0.0.1'
;
my
@proxies
=
split
(
/[\s,]+/
,
Bugzilla
->
params
->
{
'inbound_proxies'
});
if
(
first
{
$_
eq
$ip
}
@proxies
)
{
$ip
=
$ENV
{
'HTTP_X_FORWARDED_FOR'
}
if
$ENV
{
'HTTP_X_FORWARDED_FOR'
};
}
return
$ip
;
}
sub
use_attachbase
{
sub
use_attachbase
{
my
$attachbase
=
Bugzilla
->
params
->
{
'attachment_base'
};
my
$attachbase
=
Bugzilla
->
params
->
{
'attachment_base'
};
return
(
$attachbase
ne
''
return
(
$attachbase
ne
''
...
...
template/en/default/admin/params/advanced.html.tmpl
View file @
8d2b07ea
...
@@ -32,6 +32,14 @@
...
@@ -32,6 +32,14 @@
_ " one hostname pointing at the same web server, and you"
_ " one hostname pointing at the same web server, and you"
_ " want them to share the $terms.Bugzilla cookie.",
_ " want them to share the $terms.Bugzilla cookie.",
inbound_proxies =>
"When inbound traffic to $terms.Bugzilla goes through a proxy,"
_ " $terms.Bugzilla thinks that the IP address of every single"
_ " user is the IP address of the proxy. If you enter a comma-separated"
_ " list of IPs in this parameter, then $terms.Bugzilla will trust any"
_ " <code>X-Forwarded-For</code> header sent from those IPs,"
_ " and use the value of that header as the end user's IP address.",
proxy_url =>
proxy_url =>
"$terms.Bugzilla may have to access the web to get notifications about"
"$terms.Bugzilla may have to access the web to get notifications about"
_ " new releases (see the <tt>upgrade_notification</tt> parameter)."
_ " new releases (see the <tt>upgrade_notification</tt> parameter)."
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment