mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 14:18:52 +00:00
Merge branch 'develop-olympus' into develop
* develop-olympus: [ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR. [ticket/9802] Only check for IPv4-mapped address when address is IPv6. [ticket/9802] Fix tiny logic bug in loop determining REMOTE_ADDR. [ticket/9802] Remove redundant character class definition from preg_replace. [ticket/9802] Fix redundant str_replace call. No need to replace ' ' with ' '. Conflicts: phpBB/includes/session.php
This commit is contained in:
Nils Adermann
commit
ca1944ebe2
1 changed files with 26 additions and 21 deletions
|
|
@ -222,7 +222,7 @@ class session
|
|||
// if the forwarded for header shall be checked we have to validate its contents
|
||||
if ($config['forwarded_for_check'])
|
||||
{
|
||||
$this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for));
|
||||
$this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
|
||||
|
||||
// split the list of IPs
|
||||
$ips = explode(' ', $this->forwarded_for);
|
||||
|
|
@ -268,11 +268,11 @@ class session
|
|||
|
||||
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
|
||||
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
|
||||
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';
|
||||
$this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
|
||||
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
|
||||
$this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
|
||||
|
||||
// split the list of IPs
|
||||
$ips = explode(' ', $this->ip);
|
||||
$ips = explode(' ', trim($this->ip));
|
||||
|
||||
// Default IP if REMOTE_ADDR is invalid
|
||||
$this->ip = '127.0.0.1';
|
||||
|
|
@ -297,13 +297,12 @@ class session
|
|||
continue;
|
||||
}
|
||||
|
||||
// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
|
||||
if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
|
||||
if (preg_match(get_preg_expression('ipv4'), $ip))
|
||||
{
|
||||
// Just break
|
||||
break;
|
||||
$this->ip = $ip;
|
||||
}
|
||||
|
||||
else if (preg_match(get_preg_expression('ipv6'), $ip))
|
||||
{
|
||||
// Quick check for IPv4-mapped address in IPv6
|
||||
if (stripos($ip, '::ffff:') === 0)
|
||||
{
|
||||
|
|
@ -315,9 +314,15 @@ class session
|
|||
}
|
||||
}
|
||||
|
||||
// Use the last in chain
|
||||
$this->ip = $ip;
|
||||
}
|
||||
else
|
||||
{
|
||||
// We want to use the last valid address in the chain
|
||||
// Leave foreach loop when address is invalid
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$this->load = false;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue