Ignore:
Timestamp:
May 24, 2014, 11:35:47 PM (10 years ago)
Author:
chronos
Message:
  • Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
  • Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
  • Fixed: Default configuration was not complete.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/includes/global.php

    r800 r805  
    754754        if(substr($PathString, -1, 1) == '/') $PathString = substr($PathString, 0, -1);
    755755        $PathItems = explode('/', $PathString);
    756         if(strpos($_SERVER['REQUEST_URI'], '?') !== false)
    757                 $_SERVER['QUERY_STRING'] = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
     756        if(strpos(GetRequestURI(), '?') !== false)
     757                $_SERVER['QUERY_STRING'] = substr(GetRequestURI(), strpos(GetRequestURI(), '?') + 1);
    758758        else $_SERVER['QUERY_STRING'] = '';
    759759        parse_str($_SERVER['QUERY_STRING'], $_GET);
     
    780780}
    781781
     782function GetClientProxyAddresses()
     783{
     784  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
     785    else $IP = array();
     786}
     787
    782788function GetRemoteAddress()
    783789{
    784   if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'] ;
    785   else if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
    786   else $IP = '0.0.0.0';
     790  if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
     791    else $IP = '';
    787792  return($IP);
    788793}
     794
     795function GetRequestURI()
     796{
     797  if(array_key_exists('REQUEST_URI', $_SERVER)) return($_SERVER['REQUEST_URI']);
     798    else return($_SERVER['PHP_SELF']);
     799}
Note: See TracChangeset for help on using the changeset viewer.