Ignore:
Timestamp:
May 24, 2014, 11:35:47 PM (10 years ago)
Author:
chronos
Message:
  • Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
  • Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
  • Fixed: Default configuration was not complete.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/Modules/Forum/Forum.php

    r792 r805  
    261261                $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP` , `Thread` ) '.
    262262                                                                ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
    263                                                                 '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'","'.$_GET['Thread'].'")');
     263                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'","'.$_GET['Thread'].'")');
    264264              } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
    265265             } else
    266266            $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP`) '.
    267267                                                                ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
    268                                                                 '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
     268                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
    269269                                                $Output .= ShowMessage(T('Added.'));
    270270                                        }
Note: See TracChangeset for help on using the changeset viewer.