Merge branch 'develop-olympus' into develop

* develop-olympus:
  [ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR.
  [ticket/9802] Only check for IPv4-mapped address when address is IPv6.
  [ticket/9802] Fix tiny logic bug in loop determining REMOTE_ADDR.
  [ticket/9802] Remove redundant character class definition from preg_replace.
  [ticket/9802] Fix redundant str_replace call. No need to replace ' ' with ' '.

Conflicts:
	phpBB/includes/session.php
Nils Adermann 2011-06-10 00:53:38 +02:00
commit ca1944ebe2


@ -222,7 +222,7 @@ class session
// if the forwarded for header shall be checked we have to validate its contents // if the forwarded for header shall be checked we have to validate its contents
if ($config['forwarded_for_check']) if ($config['forwarded_for_check'])
{ {
$this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); $this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
// split the list of IPs // split the list of IPs
$ips = explode(' ', $this->forwarded_for); $ips = explode(' ', $this->forwarded_for);
@ -268,11 +268,11 @@ class session
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
$this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
// split the list of IPs // split the list of IPs
$ips = explode(' ', $this->ip); $ips = explode(' ', trim($this->ip));
// Default IP if REMOTE_ADDR is invalid // Default IP if REMOTE_ADDR is invalid
$this->ip = '127.0.0.1'; $this->ip = '127.0.0.1';
@ -297,26 +297,31 @@ class session
continue; continue;
} }
// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly if (preg_match(get_preg_expression('ipv4'), $ip))
if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
{ {
// Just break $this->ip = $ip;
}
else if (preg_match(get_preg_expression('ipv6'), $ip))
{
// Quick check for IPv4-mapped address in IPv6
if (stripos($ip, '::ffff:') === 0)
{
$ipv4 = substr($ip, 7);
if (preg_match(get_preg_expression('ipv4'), $ipv4))
{
$ip = $ipv4;
}
}
$this->ip = $ip;
}
else
{
// We want to use the last valid address in the chain
// Leave foreach loop when address is invalid
break; break;
} }
// Quick check for IPv4-mapped address in IPv6
if (stripos($ip, '::ffff:') === 0)
{
$ipv4 = substr($ip, 7);
if (preg_match(get_preg_expression('ipv4'), $ipv4))
{
$ip = $ipv4;
}
}
// Use the last in chain
$this->ip = $ip;
} }
$this->load = false; $this->load = false;
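Review bot: With `htmlspecialchars()` dropped from the `REMOTE_ADDR` read in the second hunk, the only thing keeping `$this->ip` safe to echo or store is that every assignment in this loop sits behind a `get_preg_expression('ipv4')` or `get_preg_expression('ipv6')` match, and nothing in the code says so. I would add a comment above the first branch such as `// $this->ip is not HTML-escaped: it may only hold a value that matched the ipv4/ipv6 pattern, or the 127.0.0.1 default`. Those patterns are defined outside this page, so it is worth confirming they are anchored at both ends and that `$` cannot match before a trailing newline, since a partial match would now let unescaped input through. The `::ffff:` branch only normalises the dotted-quad spelling of a mapped address; presumably the hex spelling stays IPv6, which may matter wherever the address is later compared against IPv4 entries. The loop and the enclosing method begin and end outside the hunk.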