Changeset 805 for trunk/includes/global.php

Timestamp:

May 24, 2014, 11:35:47 PM (10 years ago)

Author:

chronos

Message:

• Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
• Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
• Fixed: Default configuration was not complete.

File:

• trunk/includes/global.php (modified) (2 diffs)

trunk/includes/global.php

@@ -754 +754 @@
         if(substr($PathString, -1, 1) == '/') $PathString = substr($PathString, 0, -1);
         $PathItems = explode('/', $PathString);
-        if(strpos($_SERVER['REQUEST_URI'], '?') !== false)
-                $_SERVER['QUERY_STRING'] = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
+        if(strpos(GetRequestURI(), '?') !== false)
+                $_SERVER['QUERY_STRING'] = substr(GetRequestURI(), strpos(GetRequestURI(), '?') + 1);
         else $_SERVER['QUERY_STRING'] = '';
         parse_str($_SERVER['QUERY_STRING'], $_GET);
@@ -780 +780 @@
 }
 
+function GetClientProxyAddresses()
+{
+  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    else $IP = array();
+}
+
 function GetRemoteAddress()
 {
-  if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)) $IP = $_SERVER['HTTP_X_FORWARDED_FOR'] ;
-  else if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
-  else $IP = '0.0.0.0';
+  if(array_key_exists('REMOTE_ADDR', $_SERVER)) $IP = $_SERVER['REMOTE_ADDR'];
+    else $IP = '';
   return($IP);
 }
+
+function GetRequestURI()
+{
+  if(array_key_exists('REQUEST_URI', $_SERVER)) return($_SERVER['REQUEST_URI']);
+    else return($_SERVER['PHP_SELF']);
+}