diff options
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8d41616123..112cf4e2fd 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -268,6 +268,27 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; + $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); + + // split the list of IPs + $ips = explode(' ', $this->ip); + + // Default IP if REMOTE_ADDR is invalid + $this->ip = '127.0.0.1'; + + foreach ($ips as $ip) + { + // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly + if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + { + // Just break + break; + } + + // Use the last in chain + $this->ip = $ip; + } + $this->load = false; // Load limit check (if applicable) |