Timestamp:
May 24, 2014, 11:35:47 PM (10 years ago)
Author:
chronos
Message:
  • Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
  • Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
  • Fixed: Default configuration was not complete.
File:
1 edited

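--- a/trunk/Modules/Log/Log.php
+++ b/trunk/Modules/Log/Log.php
@@ -33,11 +33,10 @@
   function WriteLog($Text, $Type)
   {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-       
-        if(isset($this->System->User) and !is_null($this->System->User->Id)) $UserId = $this->System->User->Id;
+        if(isset($this->System->User) and !is_null($this->System->User->Id))
+          $UserId = $this->System->User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-                'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+          GetRemoteAddress().'", "'.GetRequestURI().'")';
         $this->System->Database->query($Query);
   }
@@ -60,12 +59,10 @@
 {
         global $System, $User;
-
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+       
         if(isset($User) and !is_null($User->Id)) $UserId = $User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+      GetRemoteAddress().'", "'.GetRequestURI().'")';
         $System->Database->query($Query);
 }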
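Review bot: The rewritten `VALUES` lines (new 39-40 in `WriteLog` and new 65-66 in the second function, whose signature is outside the hunk) concatenate `GetRemoteAddress()` and `GetRequestURI()` into the quoted SQL string with no escaping, whereas the removed code at least ran `addslashes()` over `REMOTE_ADDR`. Both helpers are defined outside this section, so unless they escape their own return value, the request URI, which the client fully controls, still reaches the INSERT raw on a path that runs for every logged event. Escape at the point of use, e.g. `addslashes(GetRemoteAddress()).'", "'.addslashes(GetRequestURI()).'")';`, or preferably pass the values through the database layer's own escaping or a parameterised query, since `addslashes()` is not charset-aware. `$Type` is also interpolated unquoted and would be safer as `(int)$Type` if it is always numeric.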