aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul S. Owen <psotfx@users.sourceforge.net>2002-03-18 15:43:36 +0000
committerPaul S. Owen <psotfx@users.sourceforge.net>2002-03-18 15:43:36 +0000
commitfc4c0e44f0c2e4ba5800cde5751251a8285a25e7 (patch)
treee7fecf1b1f4dce1b9469c0523c7357017b3ea354
parentca1926c0326cd043c05eae452d9eac458ba21d36 (diff)
downloadforums-fc4c0e44f0c2e4ba5800cde5751251a8285a25e7.tar
forums-fc4c0e44f0c2e4ba5800cde5751251a8285a25e7.tar.gz
forums-fc4c0e44f0c2e4ba5800cde5751251a8285a25e7.tar.bz2
forums-fc4c0e44f0c2e4ba5800cde5751251a8285a25e7.tar.xz
forums-fc4c0e44f0c2e4ba5800cde5751251a8285a25e7.zip
Fix for private IPs via HTTP_FOR.. + spoofing of it ... note that getenv doesn't apparently work in ISAPI mode so will only report REMOTE_ADDR
git-svn-id: file:///svn/phpbb/trunk@2314 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat
-rw-r--r--phpBB/common.php22
1 files changed, 20 insertions, 2 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 3b636f3025..2cb8ee9891 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -142,9 +142,27 @@ $nav_links['author'] = array (
//
// Obtain and encode users IP
//
-if( !empty($HTTP_X_FORWARDED_FOR) )
+if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
- $client_ip = ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", $HTTP_X_FORWARDED_FOR, $ip_list) ) ? $ip_list[0] : $REMOTE_ADDR;
+ $private_ips = array('192.168', '172.16', '10', '224', '240');
+
+ if ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
+ {
+ $private_ip = false;
+ for($i = 0; $i < count($private_ips); $i++)
+ {
+ if ( strpos(' ' . $ip_list[0], $private_ips[$i], 1) == 1 )
+ {
+ $private_ip = true;
+ }
+ }
+
+ $client_ip = ( !$private_ip ) ? $ip_list[0] : $REMOTE_ADDR;
+ }
+ else
+ {
+ $client_ip = $REMOTE_ADDR;
+ }
}
else
{
generated by cgit v1.2.1 (git 2.21.0) at 2024-11-12 21:17:12 +0000