diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index e54ebf0a95..aaf066dfca 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -47,13 +47,7 @@ class acp_users
$user_ip = request_var('user_ip', '');
$domain = gethostbyaddr($user_ip);
- $ipwhois = '';
-
- if ($ipwhois = user_ipwhois($user_ip))
- {
- $ipwhois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1\2\3', $ipwhois);
- $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1\2\3', $ipwhois);
- }
+ $ipwhois = user_ipwhois($user_ip);
$template->assign_vars(array(
'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain),
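Review bot: `gethostbyaddr($user_ip)` on the context line above the change still receives the raw request value, and its result is placed into `MESSAGE_TITLE` without escaping. The IPv4 check this commit adds lives inside user_ipwhois(), so it does not cover this call: a malformed address makes gethostbyaddr() return false with a warning, and a successful lookup returns a PTR name chosen by whoever controls the reverse zone. I would skip the lookup when the address fails the same IPv4 check and escape the name, e.g. `$domain = htmlspecialchars((string) gethostbyaddr($user_ip));`, unless the template layer already escapes this variable (not visible here). The enclosing method starts and ends outside the hunk.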
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 86113899c7..fd077a796a 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1112,6 +1112,13 @@ function user_ipwhois($ip)
{
$ipwhois = '';
+ // Check IP
+ // Only supporting IPv4 at the moment...
+ if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
+ {
+ return '';
+ }
+
$match = array(
'#RIPE\.NET#is' => 'whois.ripe.net',
'#whois\.apnic\.net#is' => 'whois.apnic.net',
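Review bot: The new guard at the top of user_ipwhois() is only as strict as the pattern behind `get_preg_expression('ipv4')`, which is not visible in this diff. Because `$ip` is presumably written to the whois connection further down (outside the hunk), confirm that the pattern is anchored at both ends and cannot accept a trailing newline, which a bare `$` without the `D` modifier does. `empty($ip)` is redundant next to the regex and could be dropped. The comment should also state the resulting contract, e.g. `// Anything that is not a dotted-quad IPv4 address yields '' (IPv6 included)`.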
@@ -1147,7 +1154,10 @@ function user_ipwhois($ip)
}
}
- return $ipwhois;
+ $ipwhois = htmlspecialchars($ipwhois);
+
+ // Magic URL ;)
+ return trim(make_clickable($ipwhois, false, ''));
}
/**
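Review bot: user_ipwhois() now returns HTML rather than raw whois text, but the function's docblock (outside this hunk) is not updated to say so. Escaping before linkifying is the right order; what a later caller needs to know is that the result must not be escaped again and must not be reused in a non-HTML context such as a log line or e-mail. I would add `@return string HTML-escaped whois output with URLs made clickable; '' for non-IPv4 input` to the docblock. `htmlspecialchars($ipwhois)` also relies on the default flags, so whether single quotes in the remote response are escaped depends on the PHP version; passing `ENT_QUOTES` explicitly removes that dependency.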
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index dd10750d99..b98910f55f 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -36,20 +36,18 @@ function mcp_post_details($id, $mode, $action)
{
case 'whois':
- $ip = request_var('ip', '');
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if ($auth->acl_get('m_info', $post_info['forum_id']))
+ {
+ $ip = request_var('ip', '');
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
- $whois = user_ipwhois($ip);
-
- $whois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1\2\3', $whois);
- $whois = preg_replace('#(\s)(ht{2}p:/{2}\S*)(\s)#', '\1\2\3', $whois);
-
- $template->assign_vars(array(
- 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '', ''),
- 'U_RETURN_POST' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id"),
- 'L_RETURN_POST' => sprintf($user->lang['RETURN_POST'], '', ''),
- 'WHOIS' => trim($whois))
- );
+ $template->assign_vars(array(
+ 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '', ''),
+ 'U_RETURN_POST' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id"),
+ 'L_RETURN_POST' => sprintf($user->lang['RETURN_POST'], '', ''),
+ 'WHOIS' => user_ipwhois($ip),
+ ));
+ }
// We're done with the whois page so return
return;
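Review bot: When the `m_info` check fails, the `whois` case falls straight through to `return` with no template variables assigned and no denial message, so a moderator without the permission gets an empty page instead of an explicit refusal. An `else` branch such as `trigger_error('NOT_AUTHORISED');` would make the denial visible, assuming that language key is available in this context. The `$mode == 'whois' && $auth->acl_get('a_') && $session_id` condition in viewonline.php has the same shape: a refused request silently continues as a normal listing. `include(...)` here would also be safer as `include_once` if functions_user may already have been loaded, which this hunk does not show. mcp_post_details() continues outside the hunk.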
diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php
index 6da8e81dbd..8690739d91 100644
--- a/phpBB/viewonline.php
+++ b/phpBB/viewonline.php
@@ -52,7 +52,7 @@ if (!isset($sort_key_text[$sort_key]))
$order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
// Whois requested
-if ($mode == 'whois')
+if ($mode == 'whois' && $auth->acl_get('a_') && $session_id)
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -64,14 +64,7 @@ if ($mode == 'whois')
if ($row = $db->sql_fetchrow($result))
{
- $whois = user_ipwhois($row['session_ip']);
-
- $whois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1\2\3', $whois);
- $whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1\2\3', $whois);
-
- $template->assign_vars(array(
- 'WHOIS' => trim($whois))
- );
+ $template->assign_var('WHOIS', user_ipwhois($row['session_ip']));
}
$db->sql_freeresult($result);