[Tickets #10857] Re: Wunderground doesn't use client IP when searching by IP

bugs at horde.org bugs at horde.org
Wed Dec 14 15:23:23 UTC 2011 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/10857
------------------------------------------------------------------------------
  Ticket             | 10857
  Updated By         | arjen+horde at de-korte.org
  Summary            | Wunderground doesn't use client IP when searching by IP
  Queue              | Horde Framework Packages
  Version            | Git master
  Type               | Bug
  State              | Assigned
  Priority           | 1. Low
  Milestone          |
  Patch              | 1
  Owners             | Michael Rubinsky
------------------------------------------------------------------------------


arjen+horde at de-korte.org (2011-12-14 15:23) wrote:

> I'd actually rather not add another, even optional, external  
> dependency for something so simple. The code to check the validity  
> of the IP address is pretty straightforward, so I'll just add this  
> check directly to the Service_Weather package.

I agree. I already rewrote this to not depend on an external package:

     protected function _getLocationByIp($ip)
     {
         if (empty($ip)) {
             throw new Horde_Service_Weather_Exception('Error, trying  
to lookup empty IP.');
         }
         // Check if the provided IP is from a reserved range of IPv4 addresses
         // that should never appear on the public internet (see RFC3330) and
         // for which no geolookup will ever be possible. In this  
case, fallback
         // to the server IP as a last resort (which is better than  
nothing, but
         // not much).
         if ((sscanf($ip, "%d.%d.%d.%d", $a, $b, $c, $d) === 4) &&
            (($a === 10) ||                          // 10/8       -  
Private-Use Networks
             ($a === 127) ||                         // 127/8      - Loopback
             ($a === 169 && $b === 254) ||           // 169.254/16 - Link Local
             ($a === 172 && $b >= 16 && $b <= 31) || // 172.16/12  -  
Private-Use Networks
             ($a === 192 && $b === 0 && $c === 2) || // 192.0.2/24 - Test-Net
             ($a === 192 && $b === 168))) {          // 192.168/16 -  
Private-Use Networks
             Horde::logMessage('Using server IP instead of client IP  
[' . $ip . '] (not globally unique)');
             return $this->_makeRequest(self::API_URL . '/api/' .  
$this->_apiKey
                 . '/geolookup/q/autoip.json');
         } else {
             return $this->_makeRequest(self::API_URL . '/api/' .  
$this->_apiKey
                 . '/geolookup/q/autoip.json?geo_ip=' . $ip);
         }
     }

This indeed is simple enough. Besides the fact that Net_CheckIP2 is  
broken when it comes to checking the Link Local addresses and it also  
doesn't include the Loopback address. I'll prepare a patch later today.

More information about the bugs mailing list