makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 13:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix for private IPs via HTTP_FOR.. + spoofing of it ... note that getenv doesn't apparently work in ISAPI mode so will only report REMOTE_ADDR

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2314 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-03-18 15:43:36 +00:00
parent ca1926c032
commit fc4c0e44f0
1 changed files with 20 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
phpBB/common.php
View file

@ -142,9 +142,27 @@ $nav_links['author'] = array (
//
// Obtain and encode users IP
//
if( !empty($HTTP_X_FORWARDED_FOR) )
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", $HTTP_X_FORWARDED_FOR, $ip_list) ) ? $ip_list[0] : $REMOTE_ADDR;
$private_ips = array('192.168', '172.16', '10', '224', '240');
if ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{
$private_ip = false;
for($i = 0; $i < count($private_ips); $i++)
{
if ( strpos(' ' . $ip_list[0], $private_ips[$i], 1) == 1 )
{
$private_ip = true;
}
}
$client_ip = ( !$private_ip ) ? $ip_list[0] : $REMOTE_ADDR;
}
else
{
$client_ip = $REMOTE_ADDR;
}
}
else
{