From: Paul S. O. <ps...@us...> - 2002-03-18 15:43:39
Update of /cvsroot/phpbb/phpBB2
In directory usw-pr-cvs1:/tmp/cvs-serv12809
Modified Files:
common.php
Log Message:
Fix for private IPs via HTTP_FOR.. + spoofing of it ... note that getenv doesn't apparently work in ISAPI mode so will only report REMOTE_ADDR
Index: common.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/common.php,v
retrieving revision 1.72
retrieving revision 1.73
diff -C2 -r1.72 -r1.73
*** common.php 18 Feb 2002 12:34:13 -0000 1.72
--- common.php 18 Mar 2002 15:43:36 -0000 1.73
***************
*** 143,149 ****
// Obtain and encode users IP
//
! if( !empty($HTTP_X_FORWARDED_FOR) )
{
! $client_ip = ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", $HTTP_X_FORWARDED_FOR, $ip_list) ) ? $ip_list[0] : $REMOTE_ADDR;
}
else
--- 143,167 ----
// Obtain and encode users IP
//
! if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
! $private_ips = array('192.168', '172.16', '10', '224', '240');
!
! if ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
! {
! $private_ip = false;
! for($i = 0; $i < count($private_ips); $i++)
! {
! if ( strpos(' ' . $ip_list[0], $private_ips[$i], 1) == 1 )
! {
! $private_ip = true;
! }
! }
!
! $client_ip = ( !$private_ip ) ? $ip_list[0] : $REMOTE_ADDR;
! }
! else
! {
! $client_ip = $REMOTE_ADDR;
! }
}
else
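Review bot: The prefix test `strpos(' ' . $ip_list[0], $private_ips[$i], 1) == 1` compares raw string prefixes with no dot boundary, so `'10'` also matches 100.x–109.x and `'172.16'` also matches 172.160–172.169. It misses 172.17–172.31, 127.x and 169.254.x entirely, and `'224'` and `'240'` each cover only one first octet of the multicast and reserved ranges. A single anchored pattern could replace the loop: `$private_ip = preg_match('/^(10|127|169\.254|172\.(1[6-9]|2[0-9]|3[01])|192\.168|22[4-9]|2[3-5][0-9])\./', $ip_list[0]);`. Separately, the header is supplied by the client, so any public-looking value is still accepted as `$client_ip`; if that value feeds bans or session checks, it would be safer to honour the header only when `$REMOTE_ADDR` is a known proxy. The enclosing if/else continues past the end of the hunk.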