Merge branch 'master' into prng, resolve merge conflicts

2016-08-15 18:15:57 +02:00
parent e23322b61e bb7fb2054a
commit 75cb771e4b
47 changed files with 1971 additions and 347 deletions
--- a/lib/Persistence/AbstractPersistence.php
+++ b/lib/Persistence/AbstractPersistence.php
@@ -119,7 +119,7 @@ abstract class AbstractPersistence
    protected static function _store($filename, $data)
    {
        self::_initialize();
-        $file = self::$_path . DIRECTORY_SEPARATOR . $filename;
+        $file         = self::$_path . DIRECTORY_SEPARATOR . $filename;
        $writtenBytes = @file_put_contents($file, $data, LOCK_EX);
        if ($writtenBytes === false || $writtenBytes < strlen($data)) {
            throw new Exception('unable to write to file ' . $file, 13);
--- a/lib/Persistence/PurgeLimiter.php
+++ b/lib/Persistence/PurgeLimiter.php
@@ -72,8 +72,8 @@ class PurgeLimiter extends AbstractPersistence
            return true;
        }

-        $file = 'purge_limiter.php';
-        $now = time();
+        $file    = 'purge_limiter.php';
+        $now     = time();
        $content = '<?php' . PHP_EOL . '$GLOBALS[\'purge_limiter\'] = ' . $now . ';' . PHP_EOL;
        if (!self::_exists($file)) {
            self::_store($file, $content);
--- a/lib/Persistence/TrafficLimiter.php
+++ b/lib/Persistence/TrafficLimiter.php
@@ -73,15 +73,16 @@ class TrafficLimiter extends AbstractPersistence
    }

    /**
-     * get the current visitors IP address
+     * get a HMAC of the current visitors IP address
     *
     * @access public
     * @static
+     * @param  string $algo
     * @return string
     */
-    public static function getIp()
+    public static function getHash($algo = 'sha512')
    {
-        return $_SERVER[self::$_ipKey];
+        return hash_hmac($algo, $_SERVER[self::$_ipKey], ServerSalt::get());
    }

    /**
@@ -101,8 +102,6 @@ class TrafficLimiter extends AbstractPersistence
            return true;
        }

-        $ip = hash_hmac('sha256', self::getIp(), ServerSalt::get());
-
        $file = 'traffic_limiter.php';
        if (!self::_exists($file)) {
            self::_store(
@@ -115,20 +114,22 @@ class TrafficLimiter extends AbstractPersistence
        $path = self::getPath($file);
        require $path;
        $now = time();
-        $tl = $GLOBALS['traffic_limiter'];
+        $tl  = $GLOBALS['traffic_limiter'];

-        // purge file of expired IPs to keep it small
+        // purge file of expired hashes to keep it small
        foreach ($tl as $key => $time) {
            if ($time + self::$_limit < $now) {
                unset($tl[$key]);
            }
        }

-        if (array_key_exists($ip, $tl) && ($tl[$ip] + self::$_limit >= $now)) {
+        // this hash is used as an array key, hence a shorter hash is used
+        $hash = self::getHash('sha256');
+        if (array_key_exists($hash, $tl) && ($tl[$hash] + self::$_limit >= $now)) {
            $result = false;
        } else {
-            $tl[$ip] = time();
-            $result = true;
+            $tl[$hash] = time();
+            $result    = true;
        }
        self::_store(
            $file,