Menu
▾
▴
[Phpbb-checkins] r10020 - /branches/phpBB-3_0_0/phpBB/includes/session.php
|
From: Meik S. <acy...@ph...> - 2009-08-20 08:43:29
|
Author: acydburn
Date: Thu Aug 20 09:43:10 2009
New Revision: 10020
Log:
Add some very basic checks to the users ip - related to bug #48995
Modified:
branches/phpBB-3_0_0/phpBB/includes/session.php
Modified: branches/phpBB-3_0_0/phpBB/includes/session.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/session.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/session.php Thu Aug 20 09:43:10 2009
***************
*** 268,273 ****
--- 268,294 ----
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';
+ $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
+
+ // split the list of IPs
+ $ips = explode(' ', $this->ip);
+
+ // Default IP if REMOTE_ADDR is invalid
+ $this->ip = '127.0.0.1';
+
+ foreach ($ips as $ip)
+ {
+ // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
+ if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+ {
+ // Just break
+ break;
+ }
+
+ // Use the last in chain
+ $this->ip = $ip;
+ }
+
$this->load = false;
// Load limit check (if applicable)
|
