Changeset 805 for trunk/includes/system.php

Timestamp:

May 24, 2014, 11:35:47 PM (10 years ago)

Author:

chronos

Message:

• Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
• Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
• Fixed: Default configuration was not complete.

File:

• trunk/includes/system.php (modified) (2 diffs)

trunk/includes/system.php

@@ -110 +110 @@
     $ScriptStartTime = GetMicrotime();
 
-    if(isset($_SERVER['REMOTE_ADDR'])) session_start();
+    if(GetRemoteAddress() != '') session_start();
 
     if(!isset($Config)) die('Systém není nainstalován. Pokračujte v instalaci <a href="admin/install.php">zde</a>.');
@@ -433 +433 @@
                 $ScriptGenerateDuration.' s / '.ini_get('max_execution_time').' s &nbsp;&nbsp; '.T('Used memory').': '.
                 HumanSize(memory_get_peak_usage(FALSE)).' / '.ini_get('memory_limit').'B &nbsp;&nbsp; <a href="http://validator.w3.org/check?uri='.
-                htmlentities('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
+                htmlentities('http://'.$_SERVER['HTTP_HOST'].GetRequestURI().'?'.$_SERVER['QUERY_STRING']).'">HTML validator</a></td></tr>';
                 $Output .= '</table>'.
       '</body>'.