nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

checks that the header contains only one IP

Browse Source
This commit is contained in:
Marc Delisle
2006-12-07 17:57:02 +00:00
parent 5511c701e4
commit c165dbe297
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
$Id$ $Id$
$HeadURL$ $HeadURL$
2006-12-07 Marc Delisle <lem9@users.sourceforge.net>
* libraries/ip_allow_deny.lib.php: checks that the header contains
only one IP address, thanks to Christian Schmidt
2006-12-06 Marc Delisle <lem9@users.sourceforge.net> 2006-12-06 Marc Delisle <lem9@users.sourceforge.net>
* libraries/import.lib.php, /common.lib.php: bug #1603660, * libraries/import.lib.php, /common.lib.php: bug #1603660,
incorrect escaping of ">" incorrect escaping of ">"

3
libraries/ip_allow_deny.lib.php
View File

@@ -28,7 +28,8 @@ function PMA_getIp()
/* Do we trust this IP as a proxy? If yes we will use it's header. */ /* Do we trust this IP as a proxy? If yes we will use it's header. */
if (isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) { if (isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) {
$proxy_ip = PMA_getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]); $proxy_ip = PMA_getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]);
$is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs); // the $ checks that the header contains only one IP address
$is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}$|', $proxy_ip, $regs);
if ($is_ip && (count($regs) > 0)) { if ($is_ip && (count($regs) > 0)) {
// True IP behind a proxy // True IP behind a proxy
return $regs[0]; return $regs[0];