authorMeik Sievertsen <acydburn@phpbb.com>2009-08-20 08:43:10 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2009-08-20 08:43:10 +0000
commitd8a76b14428d9a5cc955dd0341f032e43f53c7d9 (patch)
treefe613d58f0ba9863eac9e4b885b6c9b6808ec0d6 /phpBB/includes/session.php
parentbec4b11b64fa8372d430add94f0eee30ee9d0762 (diff)
Add some very basic checks to the user's IP - related to bug #48995
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10020 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r--phpBB/includes/session.php21
1 files changed, 21 insertions, 0 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 8d41616123..112cf4e2fd 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -268,6 +268,27 @@ class session
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';
+ $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
+
+ // split the list of IPs
+ $ips = explode(' ', $this->ip);
+
+ // Default IP if REMOTE_ADDR is invalid
+ $this->ip = '127.0.0.1';
+
+ foreach ($ips as $ip)
+ {
+ // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
+ if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+ {
+ // Just break
+ break;
+ }
+
+ // Use the last in chain
+ $this->ip = $ip;
+ }
+
$this->load = false;
// Load limit check (if applicable)