Changeset 805 for trunk/Modules/Forum/Forum.php

Timestamp:

May 24, 2014, 11:35:47 PM (10 years ago)

Author:

chronos

Message:

• Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
• Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
• Fixed: Default configuration was not complete.

File:

• trunk/Modules/Forum/Forum.php (modified) (1 diff)

trunk/Modules/Forum/Forum.php

@@ -261 +261 @@
                 $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP` , `Thread` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'","'.$_GET['Thread'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'","'.$_GET['Thread'].'")');
               } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
              } else
             $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP`) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage(T('Added.'));
                                         }