Ignore:
Timestamp:
May 24, 2014, 11:35:47 PM (11 years ago)
Author:
chronos
Message:
  • Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
  • Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
  • Fixed: Default configuration was not complete.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/includes/system.php

    r800 r805  
    110110    $ScriptStartTime = GetMicrotime();
    111111
    112     if(isset($_SERVER['REMOTE_ADDR'])) session_start();
     112    if(GetRemoteAddress() != '') session_start();
    113113
    114114    if(!isset($Config)) die('Systém není nainstalován. Pokračujte v instalaci <a href="admin/install.php">zde</a>.');
     
    433433                $ScriptGenerateDuration.' s / '.ini_get('max_execution_time').' s &nbsp;&nbsp; '.T('Used memory').': '.
    434434                HumanSize(memory_get_peak_usage(FALSE)).' / '.ini_get('memory_limit').'B &nbsp;&nbsp; <a href="http://validator.w3.org/check?uri='.
    435                 htmlentities('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
     435                htmlentities('http://'.$_SERVER['HTTP_HOST'].GetRequestURI().'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
    436436                $Output .= '</table>'.
    437437      '</body>'.
Note: See TracChangeset for help on using the changeset viewer.