diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2011-04-19 14:10:23 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2011-04-19 14:10:23 +0200 |
| commit | d1f1d8ade7ab98bde70451874c94bb35584f9192 (patch) | |
| tree | ccbd47e542dfb48c824f1946be02c111f5e9bd7e | |
| parent | 5ca7121ed2f698963387f5f9fb7ffe16d3781447 (diff) | |
| download | forums-d1f1d8ade7ab98bde70451874c94bb35584f9192.tar forums-d1f1d8ade7ab98bde70451874c94bb35584f9192.tar.gz forums-d1f1d8ade7ab98bde70451874c94bb35584f9192.tar.bz2 forums-d1f1d8ade7ab98bde70451874c94bb35584f9192.tar.xz forums-d1f1d8ade7ab98bde70451874c94bb35584f9192.zip | |
[ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR.
The value in $_SERVER['REMOTE_ADDR'] is either validated to be a valid IP
address or is replaced by our default value. Valid IP addresses do not contain
HTML special characters, thus the htmlspecialchars() call is unnecessary.
PHPBB3-9802
| -rw-r--r-- | phpBB/includes/session.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b2772696f1..79d94e7780 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -267,7 +267,7 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. - $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; + $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : ''; $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip)); // split the list of IPs |