From c24b7f81b1573272eed14b3c925ffc357c9004fe Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 2 Jun 2003 18:02:46 +0000 Subject: [PATCH] my attempt to break the source. :D The Cache-Control change may stay or may not stay. fixed: php3 compliance within the emailer. :) git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4073 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/admin/admin_board.php | 2 +- phpBB/common.php | 17 ++++++++++++++--- phpBB/docs/CHANGELOG.html | 2 ++ phpBB/includes/emailer.php | 6 ++++-- phpBB/includes/page_header.php | 7 +++++-- 5 files changed, 26 insertions(+), 8 deletions(-) diff --git a/phpBB/admin/admin_board.php b/phpBB/admin/admin_board.php index a72fd4f10e..d5a39acbc0 100644 --- a/phpBB/admin/admin_board.php +++ b/phpBB/admin/admin_board.php @@ -16,7 +16,7 @@ define('IN_PHPBB', 1); if( !empty($setmodules) ) { $file = basename(__FILE__); - $module['General']['Configuration'] = "$file?mode=config"; + $module['General']['Configuration'] = "$file"; return; } diff --git a/phpBB/common.php b/phpBB/common.php index 2427ca8f2a..49ef4e7fa2 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -130,10 +130,21 @@ if( getenv('HTTP_X_FORWARDED_FOR') != '' ) { $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); - if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) + $entries = explode(',', getenv('HTTP_X_FORWARDED_FOR')); + reset($entries); + while (list(, $entry) = each($entries)) { - $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/'); - $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); + $entry = trim($entry); + if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) ) + { + $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/'); + $found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); + if ($client_ip != $found_ip) + { + $client_ip = $found_ip; + break; + } + } } } else diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 7f5f6f6fbd..5c5427ea72 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -115,6 +115,8 @@ p,ul,td {font-size:10pt;}
  • Added mail header X-MimeOLE to the emailer class
  • Prevent registration if user is logged in or user trying to register a second time
  • Prevent usage of ALT-255 in Usernames
    • +
  • Fixed IP retrieval for users with two proxy setups while the first proxy is hiding the clients IP Address - cosmos
    • +
  • Fixed Cache-Control header for correctly resetting cookies - cosmos

    • 1.ii. Changes since 2.0.3

    diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php index d6e94d52c3..d5732ce58e 100755 --- a/phpBB/includes/emailer.php +++ b/phpBB/includes/emailer.php @@ -148,7 +148,8 @@ class emailer $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg); // Set vars - foreach ($this->vars as $key => $val) + reset ($this->vars); + while (list($key, $val) = each($this->vars)) { $$key = $val; } @@ -156,7 +157,8 @@ class emailer eval("\$this->msg = '$this->msg';"); // Clear vars - foreach ($this->vars as $key => $val) + reset ($this->vars); + while (list($key, $val) = each($this->vars)) { unset($$key); } diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php index 361b6837a3..1d86caa5f8 100644 --- a/phpBB/includes/page_header.php +++ b/phpBB/includes/page_header.php @@ -461,15 +461,18 @@ else } } +// Add no-cache control for cookies if they are set +$c_no_cache = (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) ? 'no-cache="set-cookie", ' : ''; + // Work around for "current" Apache 2 + PHP module which seems to not // cope with private cache control setting if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) { - header ('Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0'); + header ('Cache-Control: ' . $c_no_cache . 'no-cache, pre-check=0, post-check=0, max-age=0'); } else { - header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0'); + header ('Cache-Control: ' . $c_no_cache . 'private, pre-check=0, post-check=0, max-age=0'); } header ('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT'); header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');