authorAndreas Gohr <andi@splitbrain.org>2025-01-09 16:17:44 +0100
committerAndreas Gohr <andi@splitbrain.org>2025-01-09 16:21:48 +0100
commit19d5ba27782e35d8c5d7e3db41e9834c96868bbb (patch)
treee74a9961584c9e9e1726aca5cd04fffdeb5c711f
parente449acd0873bae825fe0d4cd2e166c494235efc4 (diff)
rename trustedproxy option to trustedproxies
We use a new format (array instead of regex) and need a sure way to recognize it. Zebra's approach would not have survived the editing via config manager. As a side effect this also introduces a new language string, which is good because the old one no longer applied.
-rw-r--r--conf/dokuwiki.php15
-rw-r--r--inc/Ip.php22
-rw-r--r--lib/plugins/config/lang/en/lang.php3
-rw-r--r--lib/plugins/config/settings/config.metadata.php3
4 files changed, 19 insertions, 24 deletions
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index 6e4b26d3a..6990b23e4 100644
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -162,7 +162,14 @@ $conf['readdircache'] = 0; //time cache in second for the readdir
$conf['search_nslimit'] = 0; //limit the search to the current X namespaces
$conf['search_fragment'] = 'exact'; //specify the default fragment search behavior
-$conf['trustedproxy'] = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];
+/* Feature Flags */
+$conf['defer_js'] = 1; // Defer javascript to be executed after the page's HTML has been parsed. Setting will be removed in the next release.
+$conf['hidewarnings'] = 0; // Hide warnings
+
+/* Network Settings */
+$conf['dnslookups'] = 1; //disable to disallow IP to hostname lookups
+$conf['jquerycdn'] = 0; //use a CDN for delivering jQuery?
+$conf['trustedproxies'] = array('::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16');
// Trusted proxy servers from which to read the X-Forwarded-For header.
// Each item in the array may be either an IPv4 or IPv6 address, or
// an IPv4 or IPv6 CIDR range (e.g. 10.0.0.0/8).
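Review bot: The new `$conf['trustedproxies']` line uses the long `array(...)` syntax while the line it replaces used `[...]`, which is the form the rest of this file's defaults use. If the long form is deliberate — the description says the new format must be recognisable, so the config manager's writer may depend on it — a short comment would keep the next cleanup from reverting it, e.g. `// long array() syntax on purpose, keep it`. Otherwise the short form `$conf['trustedproxies'] = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];` keeps the file consistent.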
@@ -170,13 +177,7 @@ $conf['trustedproxy'] = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.1
$conf['realip'] = false; // Enable reading the X-Real-IP header. Default: false.
// Only enable this if your server writes this header, otherwise it may be spoofed.
-/* Feature Flags */
-$conf['defer_js'] = 1; // Defer javascript to be executed after the page's HTML has been parsed. Setting will be removed in the next release.
-$conf['hidewarnings'] = 0; // Hide warnings
-/* Network Settings */
-$conf['dnslookups'] = 1; //disable to disallow IP to hostname lookups
-$conf['jquerycdn'] = 0; //use a CDN for delivering jQuery?
// Proxy setup - if your Server needs a proxy to access the web set these
$conf['proxy']['host'] = '';
$conf['proxy']['port'] = '';
diff --git a/inc/Ip.php b/inc/Ip.php
index 231f56d73..499d837b4 100644
--- a/inc/Ip.php
+++ b/inc/Ip.php
@@ -136,7 +136,7 @@ class Ip
* Given the IP address of a proxy server, determine whether it is
* a known and trusted server.
*
- * This test is performed using the config value `trustedproxy`.
+ * This test is performed using the config value `trustedproxies`.
*
* @param string $ip The IP address of the proxy.
*
@@ -147,25 +147,17 @@ class Ip
global $conf;
// If the configuration is empty then no proxies are trusted.
- if (empty($conf['trustedproxy'])) {
+ if (empty($conf['trustedproxies'])) {
return false;
}
- if (is_string($conf['trustedproxy'])) {
- // If the configuration is a string then treat it as a regex.
- return preg_match('/' . $conf['trustedproxy'] . '/', $ip);
- } elseif (is_array($conf['trustedproxy'])) {
- // If the configuration is an array, then at least one must match.
- foreach ($conf['trustedproxy'] as $trusted) {
- if (Ip::ipMatches($ip, $trusted)) {
- return true;
- }
+ foreach ((array) $conf['trustedproxies'] as $trusted) {
+ if (Ip::ipMatches($ip, $trusted)) {
+ return true;
}
-
- return false;
}
- Logger::error('Invalid value for $conf[trustedproxy]');
+ Logger::error('Invalid value for $conf[trustedproxies]');
return false;
}
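Review bot: Falling out of the `foreach` now only means that no trusted proxy matched `$ip`, yet `Logger::error('Invalid value for $conf[trustedproxies]')` still runs on that path, so every request whose upstream peer is not in the list writes an error that misdescribes a normal outcome and lets any unlisted peer fill the error log. Before the change that line was reached only when the value was neither a string nor an array; the `(array)` cast makes that case impossible. Drop the `Logger::error(...)` line and leave the trailing `return false;` after the loop. A leftover string from the old regex-style setting is now cast to a one-element array and handed to `Ip::ipMatches()` unchanged; how `ipMatches` treats a non-address string is not visible here, so a one-time warning for that case may be worth adding where it is. The enclosing method's signature is outside the hunk.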
@@ -251,7 +243,7 @@ class Ip
* The IPs are sourced from, in order of preference:
*
* - The X-Real-IP header if $conf[realip] is true.
- * - The X-Forwarded-For header if all the proxies are trusted by $conf[trustedproxy].
+ * - The X-Forwarded-For header if all the proxies are trusted by $conf[trustedproxies].
* - The TCP/IP connection remote address.
* - 0.0.0.0 if all else fails.
*
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index f1598e2ef..c08ca5b07 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -188,7 +188,6 @@ $lang['search_fragment_o_exact'] = 'exact';
$lang['search_fragment_o_starts_with'] = 'starts with';
$lang['search_fragment_o_ends_with'] = 'ends with';
$lang['search_fragment_o_contains'] = 'contains';
-$lang['trustedproxy'] = 'Trust forwarding proxies matching this regular expression about the true client IP they report. The default matches local networks. Leave empty to trust no proxy.';
$lang['_feature_flags'] = 'Feature Flags';
$lang['defer_js'] = 'Defer javascript to be execute after the page\'s HTML has been parsed. Improves perceived page speed but could break a small number of plugins.';
@@ -197,6 +196,8 @@ $lang['hidewarnings'] = 'Do not display any warnings issued by PHP. This may eas
/* Network Options */
$lang['dnslookups'] = 'DokuWiki will lookup hostnames for remote IP addresses of users editing pages. If you have a slow or non working DNS server or don\'t want this feature, disable this option';
$lang['jquerycdn'] = 'Should the jQuery and jQuery UI script files be loaded from a CDN? This adds additional HTTP requests, but files may load faster and users may have them cached already.';
+$lang['trustedproxies'] = 'Comma-separated list of trusted proxy servers from which to read the X-Forwarded-For header. Each item in the array may be either an IPv4 or IPv6 address, or an IPv4 or IPv6 CIDR range (e.g. 10.0.0.0/8). Leave empty to trust no proxy.';
+$lang['realip'] = 'Trust the X-Real-IP header. Only enable this if your server writes this header, otherwise it may be spoofed.';
/* jQuery CDN options */
$lang['jquerycdn_o_0'] = 'No CDN, local delivery only';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index 2935fb7ff..81da7b827 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -247,7 +247,6 @@ $meta['renderer_xhtml'] = ['renderer', '_format' => 'xhtml', '_choices' => ['xht
$meta['readdircache'] = ['numeric'];
$meta['search_nslimit'] = ['numeric', '_min' => 0];
$meta['search_fragment'] = ['multichoice', '_choices' => ['exact', 'starts_with', 'ends_with', 'contains']];
-$meta['trustedproxy'] = ['regex'];
$meta['_feature_flags'] = ['fieldset'];
$meta['defer_js'] = ['onoff'];
@@ -256,6 +255,8 @@ $meta['hidewarnings'] = ['onoff'];
$meta['_network'] = ['fieldset'];
$meta['dnslookups'] = ['onoff'];
$meta['jquerycdn'] = ['multichoice', '_choices' => [0, 'jquery', 'cdnjs']];
+$meta['trustedproxies'] = ['array', '_caution' => 'security'];
+$meta['realip'] = ['onoff', '_caution' => 'security'];
$meta['proxy____host'] = ['string', '_pattern' => '#^(|[a-z0-9\-\.+]+)$#i'];
$meta['proxy____port'] = ['numericopt'];
$meta['proxy____user'] = ['string'];
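Review bot: `$meta['trustedproxies'] = ['array', '_caution' => 'security']` accepts any string as an entry, so a mistyped address or a hostname is saved without complaint and only surfaces when `Ip::ipMatches()` sees it at request time, whereas the old `regex` type at least validated its value on save. Because this list decides which peers may supply the client address through X-Forwarded-For, rejecting malformed entries at save time is worth the effort. If the `array` setting honours `_pattern` the way the `string` setting used by `proxy____host` below does, a pattern restricted to IPv4/IPv6 literals with an optional `/prefix` would do; otherwise the check belongs in a dedicated setting class. Whether `array` supports `_pattern` is not visible from this hunk, so confirm before relying on it.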