makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR.

Browse source 
The value in $_SERVER['REMOTE_ADDR'] is either validated to be a valid IP
address or is replaced by our default value. Valid IP addresses do not contain
HTML special characters, thus the htmlspecialchars() call is unnecessary.

PHPBB3-9802
This commit is contained in:
Andreas Fischer 2011-04-19 14:10:23 +02:00
parent 5ca7121ed2
commit d1f1d8ade7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/session.php
View file

@ -267,7 +267,7 @@ class session
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
$this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
// split the list of IPs