clientIP() update + additional unit test

darcs-hash:20060908124315-9b6ab-7e4146e1068ab08d5539a7c573502d8373a0e524.gz
author: chris <chris@jalakai.co.uk> 2006-09-08 14:43:15 +0200
committer: chris <chris@jalakai.co.uk> 2006-09-08 14:43:15 +0200
commit: 9eb7920d1301744f3f1be8b89fd0e7a63d97c25b (patch)
tree: e898c813920d6e1f9c35fdea7e4fbca1ca8d1692 /_test
parent: 4ff284433a56bc03d9dc0fa34f0b76cf58950b28 (diff)
download: rpg-9eb7920d1301744f3f1be8b89fd0e7a63d97c25b.tar.gz
rpg-9eb7920d1301744f3f1be8b89fd0e7a63d97c25b.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/_test/cases/inc/common_clientip.test.php b/_test/cases/inc/common_clientip.test.php
index 257229811..04d071e7d 100644
--- a/_test/cases/inc/common_clientip.test.php
+++ b/_test/cases/inc/common_clientip.test.php
@@ -141,6 +141,14 @@ class common_clientIP_test extends UnitTestCase {
         $this->assertEqual(clientIP(true),$out);
     }
 
+    function test_malicious(){
+        $_SERVER['REMOTE_ADDR']          = '';
+        $_SERVER['HTTP_X_REAL_IP']       = '';
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '<?php set_time_limit(0);echo \'my_delim\';passthru(123.123.123.123);die;?>';
+        $out = '123.123.123.123';
+        $this->assertEqual(clientIP(),$out);
+    }
+
 
 }
author	chris <chris@jalakai.co.uk>	2006-09-08 14:43:15 +0200
committer	chris <chris@jalakai.co.uk>	2006-09-08 14:43:15 +0200
commit	9eb7920d1301744f3f1be8b89fd0e7a63d97c25b (patch)
tree	e898c813920d6e1f9c35fdea7e4fbca1ca8d1692 /_test
parent	4ff284433a56bc03d9dc0fa34f0b76cf58950b28 (diff)
download	rpg-9eb7920d1301744f3f1be8b89fd0e7a63d97c25b.tar.gz rpg-9eb7920d1301744f3f1be8b89fd0e7a63d97c25b.tar.bz2