Changeset 805


Timestamp:
May 24, 2014, 11:35:47 PM (10 years ago)
Author:
chronos
Message:
  • Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
  • Modified: Do not use the $_SERVER variables REMOTE_ADDR and REQUEST_URI directly, as they are not initialized when the script is executed from the command line.
  • Fixed: Default configuration was not complete.
Location:
trunk
Files:
15 edited

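--- a/trunk/Modules/Export/ProcessAoWoWExport.php
+++ b/trunk/Modules/Export/ProcessAoWoWExport.php
@@ -2,7 +2,4 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once('../../includes/global.php');
@@ -14,6 +11,4 @@
   $System->DoNotShowPage = true;
         $System->Run();
-
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 $Output = '';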
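--- a/trunk/Modules/Export/ProcessTask.php
+++ b/trunk/Modules/Export/ProcessTask.php
@@ -2,7 +2,4 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once(dirname(__FILE__).'/../../includes/global.php');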
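--- a/trunk/Modules/Export/cmdmpqexport.php
+++ b/trunk/Modules/Export/cmdmpqexport.php
@@ -2,7 +2,4 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once(dirname(__FILE__).'/../../includes/global.php');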
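--- a/trunk/Modules/Forum/Forum.php
+++ b/trunk/Modules/Forum/Forum.php
@@ -261,10 +261,10 @@
                 $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP` , `Thread` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'","'.$_GET['Thread'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'","'.$_GET['Thread'].'")');
               } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
              } else
             $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP`) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage(T('Added.'));
                                         }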
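Review bot: `$_GET['Thread']` on new line 263 is concatenated into the quoted SQL value with no cast or escaping visible in this hunk, so a crafted `Thread` parameter could break out of the string literal. The enclosing function starts outside the hunk and may already validate the value (the `Item not found` branch suggests a lookup), but the query should not depend on that; the tail of the line could read `"'.GetRemoteAddress().'","'.$this->System->Database->real_escape_string($_GET['Thread']).'")');`. Whether `$Text` and `User->Name` are escaped earlier is also not visible here and is worth confirming. The same raw concatenation of `GetRemoteAddress()` recurs in ShoutBox.php and User.php; that value is set by the web server rather than the client, so the exposure is low, but escaping it keeps every value in the statement handled the same way.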
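--- a/trunk/Modules/Import/cmd.php
+++ b/trunk/Modules/Import/cmd.php
@@ -1,7 +1,3 @@
 <?php
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
-
 
 include_once('../../includes/global.php');
@@ -13,5 +9,4 @@
         $System->Run();
 $Import = new Import($System);
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 $Output = '';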
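--- a/trunk/Modules/Log/Log.php
+++ b/trunk/Modules/Log/Log.php
@@ -33,11 +33,10 @@
   function WriteLog($Text, $Type)
   {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-       
-        if(isset($this->System->User) and !is_null($this->System->User->Id)) $UserId = $this->System->User->Id;
+        if(isset($this->System->User) and !is_null($this->System->User->Id))
+          $UserId = $this->System->User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-                'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+          GetRemoteAddress().'", "'.GetRequestURI().'")';
         $this->System->Database->query($Query);
   }
@@ -60,12 +59,10 @@
 {
         global $System, $User;
-
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+       
         if(isset($User) and !is_null($User->Id)) $UserId = $User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+      GetRemoteAddress().'", "'.GetRequestURI().'")';
         $System->Database->query($Query);
 }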
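Review bot: `GetRequestURI()` is written into the `URL` column unescaped in both hunks (new lines 40 and 66), and the request URI is chosen by the client, so a request line containing a raw `"` could end the SQL literal early; `$Text` right next to it goes through `addslashes()` but the URI does not. The commit also removes the `addslashes()` the old code applied to the address, here and on `$IP` in Referrer.php. I would escape both values at the point of use, e.g. `addslashes(GetRemoteAddress()).'", "'.addslashes(GetRequestURI()).'")';`, or preferably with the connection's `real_escape_string()` as User.php does for the user agent. Console runs are now stored with an empty `IP` instead of `Konzole`, which makes CLI entries harder to tell apart from rows where the address was simply missing.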
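--- a/trunk/Modules/Referrer/Referrer.php
+++ b/trunk/Modules/Referrer/Referrer.php
@@ -40,7 +40,6 @@
       if(!in_array($HostName, $this->Excludes))
       {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+        $IP = GetRemoteAddress();
+       
         // Check if client IP is not blocked as spam source
         $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `Referrer` WHERE `LastIP` = "'.$IP.'" AND (`Visible` = 0)');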
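--- a/trunk/Modules/ShoutBox/ShoutBox.php
+++ b/trunk/Modules/ShoutBox/ShoutBox.php
@@ -125,5 +125,5 @@
                                                 $this->System->Database->query('INSERT INTO `ShoutBox` ( `User`, `UserName` , `Text` , `Date` , `IP` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage('Zpráva vložena.');
                                         }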
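--- a/trunk/Modules/User/User.php
+++ b/trunk/Modules/User/User.php
@@ -137,5 +137,5 @@
       $this->Database->query('UPDATE `UserTrace` SET '.
         '`LastLogin` = NOW(), '.
-        '`LastIP` = "'.$_SERVER['REMOTE_ADDR'].'", '.
+        '`LastIP` = "'.GetRemoteAddress().'", '.
         '`UserAgent` = "'.$this->System->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'" '.
         ' WHERE `User` = '.$this->Id);
@@ -194,6 +194,6 @@
   function Licence($Licence)
   {
-    if(!isset($_SERVER['REMOTE_ADDR'])) return(true); // Execution from command line
-    else return($this->Role >= $Licence);
+    if(GetRemoteAddress() == '') return(true); // Execution from command line
+      else return($this->Role >= $Licence);
   }
 
@@ -229,9 +229,13 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+    } else {
+        if(GetRemoteAddress() != '') $HostName = gethostbyaddr(GetRemoteAddress());
+          else $HostName = '';
+        $this->Database->insert('UserOnline', array('SessionId' => $SID,
       'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
-      'ScriptName' => $_SERVER['REQUEST_URI']));
-
+      'IpAddress' => GetRemoteAddress(), 'HostName' => $HostName,
+      'ScriptName' => GetRequestURI()));
+    }
+       
     // Logged permanently?
           if(array_key_exists('LoginHash', $_COOKIE))
@@ -281,5 +285,5 @@
     $UserId = $this->Database->insert_id;
     $this->Database->query('INSERT INTO `UserTrace` (`User`, `LastIP`, `UserAgent`) '.
-        'VALUES ('.$UserId.', "'.$_SERVER['REMOTE_ADDR'].'", '.
+        'VALUES ('.$UserId.', "'.GetRemoteAddress().'", '.
         '"'.$this->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'")');
   }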
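Review bot: `Licence()` (new line 196) grants every licence whenever `GetRemoteAddress()` returns an empty string, so an authorization decision depends on a `$_SERVER` entry being absent or empty rather than on how PHP was started. Testing the SAPI states the intent directly and does not depend on the server environment: `if(php_sapi_name() == 'cli') return(true); // Execution from command line`. Separately, in the `UserOnline` insert the `gethostbyaddr()` result is a name controlled by whoever owns the reverse DNS record and the lookup blocks the request, so it should be treated as untrusted text; whether `Database->insert()` escapes its values is not visible in this section.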
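--- a/trunk/admin/install.php
+++ b/trunk/admin/install.php
@@ -95,5 +95,5 @@
   $Output = "<?php
 
-  \$IsDeveloper = in_array(\$_SERVER['REMOTE_ADDR'], array('127.0.0.1'));
+  \$IsDeveloper = in_array(GetRemoteAddress(), array('127.0.0.1'));
 
   \$Config = array(
@@ -119,9 +119,11 @@
     'ShowSQLQuery' => false,
     'ShowSQLError' => \$IsDeveloper,
+    'LogSQLQuery' => false,
     'ShowPHPError' => \$IsDeveloper,
     'ShowRuntimeInfo' => \$IsDeveloper,
     'FormatOutput' => \$IsDeveloper,
-        'ItemsPerPage' => ".$Config['Web']['ItemsPerPage'].",
-    'TempFolder' => '../tmp/',
+    'ItemsPerPage' => ".$Config['Web']['ItemsPerPage'].",
+    'TempFolder' => 'tmp/',
+    'SourceFolder' => 'source/',
     'GameVersion' => '3.3.5a',
     'VisiblePagingItems' => ".$Config['Web']['VisiblePagingItems'].",
@@ -135,5 +137,5 @@
   'MaxExportPerUser' => 10,
   'AoWoWExportId' => 1,
-        'OriginalLanguage' => 1,
+  'OriginalLanguage' => 1,
   'SystemPassword' => '".$Config['SystemPassword']."',
 );";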
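Review bot: The generated config derives `$IsDeveloper` from `GetRemoteAddress()` being `127.0.0.1` (new line 97), and that flag switches on `ShowSQLError`, `ShowPHPError` and `ShowRuntimeInfo`; since the address is now always `REMOTE_ADDR`, a deployment behind a reverse proxy on the same host would treat every visitor as a developer. A comment in the template such as `// NOTE: behind a local reverse proxy REMOTE_ADDR is always 127.0.0.1 - set IsDeveloper to false there` would make that explicit. The generated file now calls `GetRemoteAddress()`, so it only works when includes/global.php is loaded before the config is evaluated; that ordering is not visible here. On the unchanged `SystemPassword` line the value is pasted between single quotes without escaping, so a password containing `'` would corrupt the generated PHP; `'SystemPassword' => ".var_export($Config['SystemPassword'], true).",` avoids that.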
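--- a/trunk/includes/Update.php
+++ b/trunk/includes/Update.php
@@ -54,4 +54,5 @@
         $InstallMethod = $this->InstallMethod;
         $InstallMethod($this);
+        $this->Update();
   }
  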
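--- a/trunk/includes/Version.php
+++ b/trunk/includes/Version.php
@@ -6,5 +6,5 @@
 // and system will need database update.
 
-$Revision = 804; // Subversion revision
+$Revision = 805; // Subversion revision
 $DatabaseRevision = 803; // Database structure revision
-$ReleaseTime = '2014-04-14';
+$ReleaseTime = '2014-05-24';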
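--- a/trunk/includes/global.php
+++ b/trunk/includes/global.php
@@ -754,6 +754,6 @@
         if(substr($PathString, -1, 1) == '/') $PathString = substr($PathString, 0, -1);
         $PathItems = explode('/', $PathString);
-        if(strpos($_SERVER['REQUEST_URI'], '?') !== false)
-                $_SERVER['QUERY_STRING'] = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
+        if(strpos(GetRequestURI(), '?') !== false)
+                $_SERVER['QUERY_STRING'] = substr(GetRequestURI(), strpos(GetRequestURI(), '?') + 1);
         else $_SERVER['QUERY_STRING'] = '';
         parse_str($_SERVER['QUERY_STRING'], $_GET);
@@ -780,9 +780,20 @@
 }
 
+function GetClientProxyAddresses()
+{
+  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    else $IP = array();
+}
+
 function GetRemoteAddress()
 {
-  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'] ;
-  else if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
-  else $IP = '0.0.0.0';
+  if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
+    else $IP = '';
   return($IP);
 }
+
+function GetRequestURI()
+{
+  if(array_key_exists('REQUEST_URI', $_SERVER)) return($_SERVER['REQUEST_URI']);
+    else return($_SERVER['PHP_SELF']);
+}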
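Review bot: `GetClientProxyAddresses()` (new lines 782-786) assigns `$IP` but never returns it, so every caller receives `null`, and the two branches disagree on type (a header string versus an empty array). Returning a list in both cases would match the name: `return(array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])));` and `return(array());`. A one-line comment above it saying that the header is supplied by the client, must be escaped before storage or output, and must never feed an access decision would keep later callers from reintroducing the problem this commit removes from `GetRemoteAddress()`. `GetRequestURI()` likewise returns request-derived text, so its callers still need to escape it for SQL or HTML.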
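--- a/trunk/includes/system.php
+++ b/trunk/includes/system.php
@@ -110,5 +110,5 @@
     $ScriptStartTime = GetMicrotime();
 
-    if(isset($_SERVER['REMOTE_ADDR'])) session_start();
+    if(GetRemoteAddress() != '') session_start();
 
     if(!isset($Config)) die('Systém není nainstalován. Pokračujte v instalaci <a href="admin/install.php">zde</a>.');
@@ -433,5 +433,5 @@
                 $ScriptGenerateDuration.' s / '.ini_get('max_execution_time').' s &nbsp;&nbsp; '.T('Used memory').': '.
                 HumanSize(memory_get_peak_usage(FALSE)).' / '.ini_get('memory_limit').'B &nbsp;&nbsp; <a href="http://validator.w3.org/check?uri='.
-                htmlentities('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
+                htmlentities('http://'.$_SERVER['HTTP_HOST'].GetRequestURI().'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
                 $Output .= '</table>'.
       '</body>'.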
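Review bot: The validator link on new line 435 passes the page URL as the value of `uri=` with only `htmlentities()` applied, so any `&` or `?` inside it is read by the validator as part of its own query string, and the `$_SERVER['HTTP_HOST']` part of that URL comes from the request. URL-encoding the value before HTML-escaping it fixes the first part: `htmlentities(urlencode('http://'.$_SERVER['HTTP_HOST'].GetRequestURI())).'">HTML validator</a></td></tr>';`. `REQUEST_URI` normally already carries the query string, so appending `'?'.$_SERVER['QUERY_STRING']` probably duplicates it, which is worth checking. The enclosing function lies outside the hunk.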
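--- a/trunk/locale/cs.php
+++ b/trunk/locale/cs.php
@@ -202,5 +202,5 @@
       'Additional files: modified wow.exe, fonts to game, translated interface aowow and more can be found on page' => 'Doplňkové soubory: upravené wow.exe, fonty do hry, přeložené rozhraní aowow a další najdete na stránce',
       'If none of these files is suitable for you, for example, to the Czech without the translated interface. You can generate your own section in section' => 'Pokud vám nevyhovuje žádný z následujících souborů, například chcete češtinu bez přeloženého rozhraní. Můžete si vygenerovat vlastní v sekci',
-      'The following files are generated every day, if needed. That means if is added new translation to database. Therefore, if you translate a translation or correct the mistake, tomorrow you can download the new patched version. Or you can rebuild and download for a few minutes the repaired file.' => 'Následující soubory se generují každý den, pokud je zapotřebí. To zanamená, pokud se v databázi oběví nové překlady. Proto, pokud přeložíte nějaký překlad nebo opravíte chybu, zítra si můžete stáhnout novou opravenou verzi. Nebo si můžete přegenerovat a stáhnout si za pár minut opravený soubor.',
+      'The following files are generated every day, if needed. That means if is added new translation to database. Therefore, if you translate a translation or correct the mistake, tomorrow you can download the new patched version. Or you can rebuild and download for a few minutes the repaired file.' => 'Následující soubory se generují každý den, pokud je zapotřebí. To znamená, pokud se v databázi objeví nové překlady. Proto, pokud přeložíte nějaký překlad nebo opravíte chybu, následující den si můžete stáhnout novou opravenou verzi. Nebo si můžete přegenerovat a stáhnout si za pár minut opravený soubor.',
       'If you no longer want translation in game, you can uninstall it by file Uninstall.exe at the directory of game.' => 'Pokud si češtinu dále nebudete přát, můžete ji jednoduše odinstalovat pomocí souboru Uninstall.exe ve složce hry.',
       'Make export' => 'Exportovat',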