From 843a6e11ae6ce05ee8d689b62ec7cb6eff97e92d Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Mon, 22 May 2017 02:01:08 +0300 Subject: [PATCH 1/5] Define correct remote IP for a visitor (with IPv6 support) See #197 --- src/mibew/libs/chat.php | 6 +++++- .../Mibew/RequestProcessor/UsersProcessor.php | 14 ++++---------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php index 39b1f6e4..c21f7c16 100644 --- a/src/mibew/libs/chat.php +++ b/src/mibew/libs/chat.php @@ -581,7 +581,11 @@ function get_remote_host() $has_proxy = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $_SERVER['REMOTE_ADDR']; if ($has_proxy) { - $ext_addr = $_SERVER['REMOTE_ADDR'] . ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')'; + $count = 0; + $ext_addr = preg_replace('/^([^,]+)(,\s.+)?/', '\\1', $_SERVER['HTTP_X_FORWARDED_FOR'], -1, $count); + if ($count > 1) { + $ext_addr = $ext_addr . ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')'; + } } return isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : $ext_addr; diff --git a/src/mibew/libs/classes/Mibew/RequestProcessor/UsersProcessor.php b/src/mibew/libs/classes/Mibew/RequestProcessor/UsersProcessor.php index 4cc007d1..b5f34ad2 100644 --- a/src/mibew/libs/classes/Mibew/RequestProcessor/UsersProcessor.php +++ b/src/mibew/libs/classes/Mibew/RequestProcessor/UsersProcessor.php @@ -266,11 +266,8 @@ class UsersProcessor extends ClientSideProcessor implements AuthenticationManage ); // Get user ip - if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $thread->remote, $matches) != 0) { - $user_ip = $matches[1]; - } else { - $user_ip = false; - } + $user_ip = preg_replace('/^(\S+)(\s.+)?/', '\\1', $thread->remote); + $user_ip = filter_var($user_ip, FILTER_VALIDATE_IP); // Get thread operartor name $next_agent = $thread->nextAgent != 0 @@ -438,11 +435,8 @@ class UsersProcessor extends ClientSideProcessor implements AuthenticationManage $user_agent = get_user_agent_version($details['user_agent']); // Get user ip - if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $details['remote_host'], $matches) != 0) { - $user_ip = $matches[1]; - } else { - $user_ip = false; - } + $user_ip = preg_replace('/^(\S+)(\s.+)?/', '\\1', $details['remote_host']); + $user_ip = filter_var($user_ip, FILTER_VALIDATE_IP); // Get invitation info $row['invited'] = ($row['invitationstate'] == Thread::INVITATION_WAIT); From f105a0b5d2bcf704a55d9d8dfde0d976e06beac5 Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Mon, 22 May 2017 02:03:29 +0300 Subject: [PATCH 2/5] Fix inline doc for get_remote_host() --- src/mibew/libs/chat.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php index c21f7c16..85c3183f 100644 --- a/src/mibew/libs/chat.php +++ b/src/mibew/libs/chat.php @@ -572,8 +572,7 @@ function visitor_from_request() } /** - * @return array Return remote host from active request. contains - * (user_id string, user_name string) + * @return string Return remote host from active request */ function get_remote_host() { From d8a63bc2cddc005d8de3a38747abe219722e1112 Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Tue, 23 May 2017 16:16:00 +0300 Subject: [PATCH 3/5] Fix invalid algorithm in setting the value for a visitor's IP --- src/mibew/libs/chat.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php index 85c3183f..ab480919 100644 --- a/src/mibew/libs/chat.php +++ b/src/mibew/libs/chat.php @@ -580,11 +580,10 @@ function get_remote_host() $has_proxy = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $_SERVER['REMOTE_ADDR']; if ($has_proxy) { - $count = 0; - $ext_addr = preg_replace('/^([^,]+)(,\s.+)?/', '\\1', $_SERVER['HTTP_X_FORWARDED_FOR'], -1, $count); - if ($count > 1) { - $ext_addr = $ext_addr . ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')'; - } + $ips = explode(' ', $_SERVER['HTTP_X_FORWARDED_FOR'], 2); + $ext_addr = (count($ips) > 1) + ? $ips[0] . ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' + : $ips[0]; } return isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : $ext_addr; From 35bbb22c56b7f6e732ea671fa7a5cf8b5002ca85 Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Wed, 24 May 2017 16:52:30 +0300 Subject: [PATCH 4/5] Fix a typo --- src/mibew/libs/chat.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php index ab480919..781c509c 100644 --- a/src/mibew/libs/chat.php +++ b/src/mibew/libs/chat.php @@ -580,7 +580,7 @@ function get_remote_host() $has_proxy = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $_SERVER['REMOTE_ADDR']; if ($has_proxy) { - $ips = explode(' ', $_SERVER['HTTP_X_FORWARDED_FOR'], 2); + $ips = explode(', ', $_SERVER['HTTP_X_FORWARDED_FOR'], 2); $ext_addr = (count($ips) > 1) ? $ips[0] . ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : $ips[0]; From 8c99b13e12052ce9055f92eb9a8c9dddc98ea01d Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Thu, 25 May 2017 12:01:11 +0300 Subject: [PATCH 5/5] Improve algorithm in setting the value for a visitor's IP --- src/mibew/libs/chat.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php index 781c509c..d893c536 100644 --- a/src/mibew/libs/chat.php +++ b/src/mibew/libs/chat.php @@ -580,7 +580,7 @@ function get_remote_host() $has_proxy = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != $_SERVER['REMOTE_ADDR']; if ($has_proxy) { - $ips = explode(', ', $_SERVER['HTTP_X_FORWARDED_FOR'], 2); + $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'], 2); $ext_addr = (count($ips) > 1) ? $ips[0] . ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : $ips[0];