- Affected version
- 2.2.12
\XF\Http\Request
has public data to check if the request was received through a trusted provider (Google, Cloudflare) - but it does not remember if it was and method ipMatchesRanges
is protected
.So if I need to check wether the request was received through a trusted provider (for example to decide if some request headers can be truested) I have to somewhat duplicate code and re-do checks that already had been done.
Could this be simplified a bit?
- Move the code from
\XF\Http\Request::ipMatchesRanges
to a public static method in\XF\Util\Ip
so it can be reused; keep the protected method for compatibility and just make it call the util method) - Remember if the request was received from a trusted provider and somehow make that information available to callers, eg. smth. like method
isReceivedFromTrustedProvider(string $provider): bool