Changeset 805 for trunk/includes

Timestamp:

May 24, 2014, 11:35:47 PM (10 years ago)

Author:

chronos

Message:

• Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
• Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
• Fixed: Default configuration was not complete.

Location:

trunk/includes

Files:

• Update.php (modified) (1 diff)
• Version.php (modified) (1 diff)
• global.php (modified) (2 diffs)
• system.php (modified) (2 diffs)

trunk/includes/Update.php

@@ -54 +54 @@
         $InstallMethod = $this->InstallMethod; 
         $InstallMethod($this);
+        $this->Update();
   }
   

trunk/includes/Version.php

@@ -6 +6 @@
 // and system will need database update.
 
-$Revision = 804; // Subversion revision
+$Revision = 805; // Subversion revision
 $DatabaseRevision = 803; // Database structure revision
-$ReleaseTime = '2014-04-14';
+$ReleaseTime = '2014-05-24';

trunk/includes/global.php

@@ -754 +754 @@
         if(substr($PathString, -1, 1) == '/') $PathString = substr($PathString, 0, -1);
         $PathItems = explode('/', $PathString);
-        if(strpos($_SERVER['REQUEST_URI'], '?') !== false)
-                $_SERVER['QUERY_STRING'] = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
+        if(strpos(GetRequestURI(), '?') !== false)
+                $_SERVER['QUERY_STRING'] = substr(GetRequestURI(), strpos(GetRequestURI(), '?') + 1);
         else $_SERVER['QUERY_STRING'] = '';
         parse_str($_SERVER['QUERY_STRING'], $_GET);
@@ -780 +780 @@
 }
 
+function GetClientProxyAddresses()
+{
+  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    else $IP = array();
+}
+
 function GetRemoteAddress()
 {
-  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'] ;
-  else if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
-  else $IP = '0.0.0.0';
+  if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
+    else $IP = '';
   return($IP);
 }
+
+function GetRequestURI()
+{
+  if(array_key_exists('REQUEST_URI', $_SERVER)) return($_SERVER['REQUEST_URI']);
+    else return($_SERVER['PHP_SELF']);
+}

trunk/includes/system.php

@@ -110 +110 @@
     $ScriptStartTime = GetMicrotime();
 
-    if(isset($_SERVER['REMOTE_ADDR'])) session_start();
+    if(GetRemoteAddress() != '') session_start();
 
     if(!isset($Config)) die('Systém není nainstalován. Pokračujte v instalaci <a href="admin/install.php">zde</a>.');
@@ -433 +433 @@
                 $ScriptGenerateDuration.' s / '.ini_get('max_execution_time').' s &nbsp;&nbsp; '.T('Used memory').': '.
                 HumanSize(memory_get_peak_usage(FALSE)).' / '.ini_get('memory_limit').'B &nbsp;&nbsp; <a href="http://validator.w3.org/check?uri='.
-                htmlentities('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
+                htmlentities('http://'.$_SERVER['HTTP_HOST'].GetRequestURI().'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
                 $Output .= '</table>'.
       '</body>'.