author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-18 23:45:24 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-18 23:45:24 +0000 |
commit | 812d5a2f35381f42ae67f4880f32aafef2b4fb5d (patch) | |
tree | 1704d2850be805472563fa710b8cb500bcb4bbda | |
parent | 0fb594ca5877e91ced441554f7dfe13e4301df6d (diff) | |
Allow global_var off for REMOTE_ADDR
git-svn-id: file:///svn/phpbb/trunk@2327 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/common.php | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 2cb8ee9891..7075f759fd 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -20,6 +20,11 @@
 *
 ***************************************************************************/
+if ( !defined('IN_PHPBB') )
+{
+ die("Hacking attempt");
+}
+
 error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
@@ -144,29 +149,17 @@ $nav_links['author'] = array (
 //
 if( getenv('HTTP_X_FORWARDED_FOR') != '' )
 {
- $private_ips = array('192.168', '172.16', '10', '224', '240');
-
- if ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
- {
- $private_ip = false;
- for($i = 0; $i < count($private_ips); $i++)
- {
- if ( strpos(' ' . $ip_list[0], $private_ips[$i], 1) == 1 )
- {
- $private_ip = true;
- }
- }
+ $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
- $client_ip = ( !$private_ip ) ? $ip_list[0] : $REMOTE_ADDR;
- }
- else
+ if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
 {
- $client_ip = $REMOTE_ADDR;
+ $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
+ $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
 }
 }
 else
 {
- $client_ip = $REMOTE_ADDR;
+ $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 }
 $user_ip = encode_ip($client_ip); |
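Review bot: The new `$private_ip` pattern list in the second hunk does not match the ranges it names. In `'/^10..*/'`, `'/^224..*/'` and `'/^240..*/'` the dot after the octet is unescaped, so a forwarded address whose first octet merely starts with those digits (100–109, for instance) is discarded as private. `'/^127\.0\.0\.1/'` has no end anchor, so for a constructed value like 127.0.0.10 `preg_replace()` rewrites only the prefix and leaves a malformed address in `$client_ip`. I would escape and anchor them, e.g. `'/^127\.0\.0\.1$/'`, `'/^10\..*/'`, `'/^224\..*/'`, `'/^240\..*/'`, and note that `'/^172\.16\..*/'` covers only the first /16 of 172.16.0.0/12. Separately, `HTTP_X_FORWARDED_FOR` is client-supplied yet still accepted from any peer and passed into `encode_ip($client_ip)` with no 0–255 octet check, so it should be honoured only when `REMOTE_ADDR` is a proxy the operator trusts; how `encode_ip()` treats out-of-range octets is not visible in this hunk.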