diff options
author | chris <chris@jalakai.co.uk> | 2006-09-08 14:43:15 +0200 |
---|---|---|
committer | chris <chris@jalakai.co.uk> | 2006-09-08 14:43:15 +0200 |
commit | 9eb7920d1301744f3f1be8b89fd0e7a63d97c25b (patch) | |
tree | e898c813920d6e1f9c35fdea7e4fbca1ca8d1692 | |
parent | 4ff284433a56bc03d9dc0fa34f0b76cf58950b28 (diff) | |
download | rpg-9eb7920d1301744f3f1be8b89fd0e7a63d97c25b.tar.gz rpg-9eb7920d1301744f3f1be8b89fd0e7a63d97c25b.tar.bz2 |
clientIP() update + additional unit test
darcs-hash:20060908124315-9b6ab-7e4146e1068ab08d5539a7c573502d8373a0e524.gz
-rw-r--r-- | _test/cases/inc/common_clientip.test.php | 8 | ||||
-rw-r--r-- | inc/common.php | 1 |
2 files changed, 8 insertions, 1 deletions
diff --git a/_test/cases/inc/common_clientip.test.php b/_test/cases/inc/common_clientip.test.php index 257229811..04d071e7d 100644 --- a/_test/cases/inc/common_clientip.test.php +++ b/_test/cases/inc/common_clientip.test.php @@ -141,6 +141,14 @@ class common_clientIP_test extends UnitTestCase { $this->assertEqual(clientIP(true),$out); } + function test_malicious(){ + $_SERVER['REMOTE_ADDR'] = ''; + $_SERVER['HTTP_X_REAL_IP'] = ''; + $_SERVER['HTTP_X_FORWARDED_FOR'] = '<?php set_time_limit(0);echo \'my_delim\';passthru(123.123.123.123);die;?>'; + $out = '123.123.123.123'; + $this->assertEqual(clientIP(),$out); + } + } diff --git a/inc/common.php b/inc/common.php index 6fa0cff3c..65ea4c897 100644 --- a/inc/common.php +++ b/inc/common.php @@ -497,7 +497,6 @@ function clientIP($single=false){ $cnt = count($ip); $match = array(); for($i=0; $i<$cnt; $i++){ - $ip[$i] = preg_replace('/[^0-9\.]+/','',$ip[$i]); if(preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/',$ip[$i],$match)) { $ip[$i] = $match[0]; } else { |