mirror of
https://github.com/claudehohl/Stikked.git
synced 2025-04-25 20:41:20 -05:00
input.php
This commit is contained in:
Claude
parent
270fb37319
commit
b4fd46a61d
@ -73,13 +73,13 @@ class CI_Input {
|
||||
*/
|
||||
protected $headers = array();
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* Sets whether to globally enable the XSS processing
|
||||
* and whether to allow the $_GET array
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
@ -306,51 +306,50 @@ class CI_Input {
|
||||
/**
|
||||
* Fetch the IP Address
|
||||
*
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
function ip_address()
|
||||
public function ip_address()
|
||||
{
|
||||
if ($this->ip_address !== FALSE)
|
||||
{
|
||||
return $this->ip_address;
|
||||
}
|
||||
|
||||
if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
|
||||
$proxy_ips = config_item('proxy_ips');
|
||||
if ( ! empty($proxy_ips))
|
||||
{
|
||||
$proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
|
||||
$proxies = is_array($proxies) ? $proxies : array($proxies);
|
||||
$proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
|
||||
foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header)
|
||||
{
|
||||
if (($spoof = $this->server($header)) !== FALSE)
|
||||
{
|
||||
// Some proxies typically list the whole chain of IP
|
||||
// addresses through which the client has reached us.
|
||||
// e.g. client_ip, proxy_ip1, proxy_ip2, etc.
|
||||
if (strpos($spoof, ',') !== FALSE)
|
||||
{
|
||||
$spoof = explode(',', $spoof, 2);
|
||||
$spoof = $spoof[0];
|
||||
}
|
||||
|
||||
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
|
||||
if ( ! $this->valid_ip($spoof))
|
||||
{
|
||||
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
|
||||
$spoof = FALSE;
|
||||
}
|
||||
elseif ($this->server('REMOTE_ADDR'))
|
||||
else
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->ip_address = ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE))
|
||||
? $spoof : $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->ip_address = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
elseif ($this->server('HTTP_CLIENT_IP'))
|
||||
{
|
||||
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
|
||||
}
|
||||
elseif ($this->server('HTTP_X_FORWARDED_FOR'))
|
||||
{
|
||||
$this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
}
|
||||
|
||||
if ($this->ip_address === FALSE)
|
||||
{
|
||||
$this->ip_address = '0.0.0.0';
|
||||
return $this->ip_address;
|
||||
}
|
||||
|
||||
if (strpos($this->ip_address, ',') !== FALSE)
|
||||
{
|
||||
$x = explode(',', $this->ip_address);
|
||||
$this->ip_address = trim(end($x));
|
||||
}
|
||||
|
||||
if ( ! $this->valid_ip($this->ip_address))
|
||||
{
|
||||
@ -642,8 +641,8 @@ class CI_Input {
|
||||
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
|
||||
|
||||
|
||||
// CSRF Protection check
|
||||
if ($this->_enable_csrf == TRUE)
|
||||
// CSRF Protection check on HTTP requests
|
||||
if ($this->_enable_csrf == TRUE && ! $this->is_cli_request())
|
||||
{
|
||||
$this->security->csrf_verify();
|
||||
}
|
||||
@ -838,11 +837,11 @@ class CI_Input {
|
||||
*
|
||||
* Test to see if a request was made from the command line
|
||||
*
|
||||
* @return boolean
|
||||
* @return bool
|
||||
*/
|
||||
public function is_cli_request()
|
||||
{
|
||||
return (php_sapi_name() == 'cli') or defined('STDIN');
|
||||
return (php_sapi_name() === 'cli' OR defined('STDIN'));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user