input.php

Claude 2012-10-20 21:09:13 +02:00
parent 270fb37319
commit b4fd46a61d


@ -73,13 +73,13 @@ class CI_Input {
*/ */
protected $headers = array(); protected $headers = array();
/** /**
* Constructor * Constructor
* *
* Sets whether to globally enable the XSS processing * Sets whether to globally enable the XSS processing
* and whether to allow the $_GET array * and whether to allow the $_GET array
* *
* @return void
*/ */
public function __construct() public function __construct()
{ {
@ -306,51 +306,50 @@ class CI_Input {
/** /**
* Fetch the IP Address * Fetch the IP Address
* *
* @access public
* @return string * @return string
*/ */
function ip_address() public function ip_address()
{ {
if ($this->ip_address !== FALSE) if ($this->ip_address !== FALSE)
{ {
return $this->ip_address; return $this->ip_address;
} }
if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) $proxy_ips = config_item('proxy_ips');
if ( ! empty($proxy_ips))
{ {
$proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
$proxies = is_array($proxies) ? $proxies : array($proxies); foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header)
{
if (($spoof = $this->server($header)) !== FALSE)
{
// Some proxies typically list the whole chain of IP
// addresses through which the client has reached us.
// e.g. client_ip, proxy_ip1, proxy_ip2, etc.
if (strpos($spoof, ',') !== FALSE)
{
$spoof = explode(',', $spoof, 2);
$spoof = $spoof[0];
}
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if ( ! $this->valid_ip($spoof))
}
elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
{ {
$this->ip_address = $_SERVER['HTTP_CLIENT_IP']; $spoof = FALSE;
} }
elseif ($this->server('REMOTE_ADDR')) else
{
break;
}
}
}
$this->ip_address = ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE))
? $spoof : $_SERVER['REMOTE_ADDR'];
}
else
{ {
$this->ip_address = $_SERVER['REMOTE_ADDR']; $this->ip_address = $_SERVER['REMOTE_ADDR'];
} }
elseif ($this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('HTTP_X_FORWARDED_FOR'))
{
$this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
if ($this->ip_address === FALSE)
{
$this->ip_address = '0.0.0.0';
return $this->ip_address;
}
if (strpos($this->ip_address, ',') !== FALSE)
{
$x = explode(',', $this->ip_address);
$this->ip_address = trim(end($x));
}
if ( ! $this->valid_ip($this->ip_address)) if ( ! $this->valid_ip($this->ip_address))
{ {
@ -642,8 +641,8 @@ class CI_Input {
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
// CSRF Protection check // CSRF Protection check on HTTP requests
if ($this->_enable_csrf == TRUE) if ($this->_enable_csrf == TRUE && ! $this->is_cli_request())
{ {
$this->security->csrf_verify(); $this->security->csrf_verify();
} }
@ -838,11 +837,11 @@ class CI_Input {
* *
* Test to see if a request was made from the command line * Test to see if a request was made from the command line
* *
* @return boolean * @return bool
*/ */
public function is_cli_request() public function is_cli_request()
{ {
return (php_sapi_name() == 'cli') or defined('STDIN'); return (php_sapi_name() === 'cli' OR defined('STDIN'));
} }
} }
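Review bot: In ip_address(), the new proxy branch keeps the leftmost entry of a comma-separated forwarded header (`explode(',', $spoof, 2)` then `$spoof[0]`), which is the end of the chain the client itself writes, so behind a proxy that appends to the header rather than overwriting it the stored address is whatever the client sent. The loop also falls through to `HTTP_CLIENT_IP`, `HTTP_X_CLIENT_IP` and `HTTP_X_CLUSTER_CLIENT_IP`, which a client can supply directly unless the proxy strips them; only the header the deployment's proxy actually sets should be consulted. I would check `REMOTE_ADDR` against `proxy_ips` first and then walk the chain from the right, stopping at the first hop that is not a listed proxy, as sketched below for X-Forwarded-For. Anything that uses this value for rate limiting, session matching or audit logging inherits the difference. The function's closing `valid_ip()` fallback lies outside the hunk.

```php
// … unchanged: cached-value return and the config_item('proxy_ips') lookup …
if ( ! empty($proxy_ips))
{
	$proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
	$this->ip_address = $_SERVER['REMOTE_ADDR'];

	// A forwarded address counts only when the direct peer is a listed proxy.
	$chain = $this->server('HTTP_X_FORWARDED_FOR');
	if ($chain !== FALSE && in_array($this->ip_address, $proxy_ips, TRUE))
	{
		// Each proxy appends the peer it saw, so walk from the right and stop
		// at the first hop that is not one of the configured proxies.
		foreach (array_reverse(explode(',', $chain)) as $hop)
		{
			$hop = trim($hop);
			if ( ! $this->valid_ip($hop))
			{
				break;
			}
			$this->ip_address = $hop;
			if ( ! in_array($hop, $proxy_ips, TRUE))
			{
				break;
			}
		}
	}
}
// … unchanged: else branch and the valid_ip() fallback …
```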