From: Dylan William Hardison <dylan@hardison.net>
Date: Thu, 25 Oct 2018 19:33:49 +0000 (-0400)
Subject: Bug 1501888 - Implement Bugzilla::Util::remote_ip() in terms of Mojolicious API
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a2991d19147de2260e07b4c51a0509688d31931;p=thirdparty%2Fbugzilla.git

Bug 1501888 - Implement Bugzilla::Util::remote_ip() in terms of Mojolicious API
---

diff --git a/Bugzilla/Quantum.pm b/Bugzilla/Quantum.pm
index 927729614..84618a71b 100644
--- a/Bugzilla/Quantum.pm
+++ b/Bugzilla/Quantum.pm
@@ -42,6 +42,7 @@ sub startup {
     unless $ENV{BUGZILLA_DISABLE_HOSTAGE};
   $self->plugin('Bugzilla::Quantum::Plugin::SizeLimit')
     unless $ENV{BUGZILLA_DISABLE_SIZELIMIT};
+  $self->plugin('ForwardedFor') if Bugzilla->has_feature('better_xff');
   $self->plugin('Bugzilla::Quantum::Plugin::BlockIP');
   $self->plugin('Bugzilla::Quantum::Plugin::Helpers');
 
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index aa524b263..780cd45d4 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -323,21 +323,16 @@ sub do_ssl_redirect_if_required {
 
 # Returns the real remote address of the client,
 sub remote_ip {
-    my $remote_ip       = $ENV{'REMOTE_ADDR'} || '127.0.0.1';
-    my @proxies         = split(/[\s,]+/, Bugzilla->localconfig->{inbound_proxies});
-    my @x_forwarded_for = split(/[\s,]+/, $ENV{HTTP_X_FORWARDED_FOR} // '');
-
-    return $remote_ip unless @x_forwarded_for;
-    return $x_forwarded_for[0] if @proxies && $proxies[0] eq '*';
-    return $remote_ip if none { $_ eq $remote_ip } @proxies;
-
-    foreach my $ip (reverse @x_forwarded_for) {
-        if (none { $_ eq $ip } @proxies) {
-            # Keep the original IP address if the remote IP is invalid.
-            return validate_ip($ip) || $remote_ip;
-        }
+    if ($ENV{SERVER_SOFTWARE} eq 'Bugzilla::Quantum::CGI') {
+        my $c = $Bugzilla::Quantum::CGI::C
+            or LOGDIE("Cannot find controller!");
+        state $better_xff = Bugzilla->has_feature('better_xff');
+        return $better_xff ? $c->forwarded_for : $c->tx->remote_address;
+    }
+    else {
+        WARN("remote_ip() called outside CGI controller!");
+        return "";
     }
-    return $remote_ip;
 }
 
 sub validate_ip {
diff --git a/Makefile.PL b/Makefile.PL
index b73080bea..156ef83d3 100755
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -129,6 +129,11 @@ if ($OSNAME eq 'linux' && -f '/etc/debian_version') {
 }
 
 my %optional_features = (
+  better_xff => {
+    description => 'Improved behavior of MOJO_REVERSE_PROXY',
+    prereqs =>
+      {runtime => {requires => {'Mojolicious::Plugin::ForwardedFor' => 0}}}
+  },
   alien_cmark => {
     description => 'Support GitHub-flavored markdown',
     prereqs     => {runtime => {requires => {'Alien::libcmark_gfm' => '3'},},},
@@ -300,7 +305,10 @@ my %optional_features = (
   },
   linux_smaps => {
     description => 'Linux::Smaps::Tiny for limiting memory usage',
-    prereqs     => {runtime => {requires => {'Linux::Smaps::Tiny' => '0', 'BSD::Resource' => 0}}},
+    prereqs     => {
+      runtime =>
+        {requires => {'Linux::Smaps::Tiny' => '0', 'BSD::Resource' => 0}}
+    },
   },
   linux_pdeath => {
     description => 'Linux::Pdeathsig for a good parent/child relationships',