From 52c10b68c275248eb7e12ec1d039876cd5f81f11 Mon Sep 17 00:00:00 2001 From: John Bellone Date: Sun, 21 Aug 2011 11:41:32 -0400 Subject: Making changes to stop remote spoofing --- system/core/Input.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index cfbef942d..365f779de 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -287,13 +287,13 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') AND ! $this->server('HTTP_CLIENT_IP')) { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; + $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR')) + elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) { - $this->ip_address = $_SERVER['REMOTE_ADDR']; + $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } elseif ($this->server('HTTP_CLIENT_IP')) { -- cgit v1.2.3-24-g4f1b From 16f27b402049dc2ff0cc09faf4885aee944ba639 Mon Sep 17 00:00:00 2001 From: John Bellone Date: Sun, 21 Aug 2011 11:45:11 -0400 Subject: Changed order --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 365f779de..df9d2a5b7 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -287,7 +287,7 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND ! $this->server('HTTP_CLIENT_IP')) + elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } -- cgit v1.2.3-24-g4f1b 
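Review bot: In the `@@ -287,13 +287,13 @@` hunk of "Making changes to stop remote spoofing", the second new branch still assigns `$_SERVER['HTTP_CLIENT_IP']` whenever both it and `REMOTE_ADDR` are set, so a request-header value continues to override the socket address. The two branches were swapped and the first one negated, which yields the same result as the old code for every combination of the two values. If only the listed `$proxies` are meant to supply a forwarded address, the branch should be `elseif ($this->server('REMOTE_ADDR'))` with `$this->ip_address = $_SERVER['REMOTE_ADDR'];`, and the `HTTP_CLIENT_IP` assignments should be dropped or moved behind the same `in_array(..., $proxies)` test. The enclosing method starts and ends outside the hunk.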
From c9f84c1f916a7f3b92b02e45cc8c1cd9a040436b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:45:39 +0800 Subject: Update: if php version >= 5.2, use filter_var to check validate ip. --- system/core/Input.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 0dc2c4550..f99adad01 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -373,6 +373,12 @@ class CI_Input { */ function valid_ip($ip) { + // if php version >= 5.2, use filter_var to check validate ip. + if(is_php('5.2')) + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + $ip_segments = explode('.', $ip); // Always 4 segments needed -- cgit v1.2.3-24-g4f1b From 4db872f861dbf48b55749c53c504481f99db3551 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:52:37 +0800 Subject: Update: add public or private prefix. --- system/core/Input.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f99adad01..2395501f3 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -116,7 +116,7 @@ class CI_Input { * @param bool * @return string */ - function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -141,7 +141,7 @@ class CI_Input { * @param bool * @return string */ - function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_GET)) 
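Review bot: In the `valid_ip()` hunk (`@@ -373,6 +373,12 @@`), the new early return passes `FILTER_FLAG_IPV4`, so every IPv6 address is reported as invalid, and nothing on the added lines says so. Callers that use this result to decide whether a client address can be trusted should be able to see that in the code; I would add `// IPv4 only: FILTER_FLAG_IPV4 makes filter_var() reject IPv6 addresses` above the `return`. The segment check that follows is only partly visible, so it cannot be confirmed from here that both paths accept exactly the same strings. A test that runs the same inputs through both paths would settle that.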
@@ -169,7 +169,7 @@ class CI_Input { * @param bool * @return string */ - function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_POST)) @@ -198,7 +198,7 @@ class CI_Input { * @param bool XSS cleaning * @return string */ - function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = FALSE) { if ( ! isset($_POST[$index]) ) { @@ -220,7 +220,7 @@ class CI_Input { * @param bool * @return string */ - function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -243,7 +243,7 @@ class CI_Input { * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) { if (is_array($name)) { @@ -296,7 +296,7 @@ class CI_Input { * @param bool * @return string */ - function server($index = '', $xss_clean = FALSE) + public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -309,7 +309,7 @@ class CI_Input { * @access public * @return string */ - function ip_address() + public function ip_address() { if ($this->ip_address !== FALSE) { @@ -371,7 +371,7 @@ class CI_Input { * @param string * @return string */ - function valid_ip($ip) + public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. if(is_php('5.2')) @@ -413,7 +413,7 @@ class CI_Input { * @access public * @return string */ - function user_agent() + public function user_agent() { if ($this->user_agent !== FALSE) { 
@@ -441,7 +441,7 @@ class CI_Input { * @access private * @return void */ - function _sanitize_globals() + private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', @@ -542,7 +542,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_data($str) + private function _clean_input_data($str) { if (is_array($str)) { @@ -600,7 +600,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_keys($str) + private function _clean_input_keys($str) { if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) { @@ -624,6 +624,7 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * + * @access public * @param bool XSS cleaning * * @return array @@ -667,6 +668,7 @@ class CI_Input { * * Returns the value of a single member of the headers class member * + * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -698,6 +700,7 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * + * @access public * @return boolean */ public function is_ajax_request() @@ -712,6 +715,7 @@ class CI_Input { * * Test to see if a request was made from the command line * + * @access public * @return boolean */ public function is_cli_request() -- cgit v1.2.3-24-g4f1b From 4ddee144b3493eaceeed6ca9eb6138c881f43eac Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 14:35:32 +0800 Subject: Update: check filter_var function exist --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 2395501f3..2b36ea3c7 100755 --- a/system/core/Input.php +++ b/system/core/Input.php 
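Review bot: `_sanitize_globals()` is declared `private` in the `@@ -441,7 +441,7 @@` hunk, and the `@@ -542,7 +542,7 @@` and `@@ -600,7 +600,7 @@` hunks do the same for `_clean_input_data()` and `_clean_input_keys()`. A class that extends `CI_Input` can then neither call nor effectively override these input-filtering helpers. That matters if applications subclass it to adjust key or data cleaning, which is an assumption, since no subclass is visible here. `protected function _sanitize_globals()` (and likewise for the other two) keeps them off the public API while leaving that option open, with `@access protected` in each docblock to match.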
@@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(is_php('5.2')) + if(function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 013c895e7f7e9122f8d2e8c80a3ac77f190c5171 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 15:03:44 +0800 Subject: Update: modified return bool value on comment --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 2b36ea3c7..1e37b11ea 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -369,7 +369,7 @@ class CI_Input { * * @access public * @param string - * @return string + * @return bool */ public function valid_ip($ip) { -- cgit v1.2.3-24-g4f1b From 47213794f2b09fb3540e1d0e53e50e8b084345e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 13 Sep 2011 22:44:07 +0800 Subject: Update: change _fetch_from_array form private to protected --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1e37b11ea..f39371fb0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -110,13 +110,13 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access private + * @access protected * @param array * @param string * @param bool * @return string */ - private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { 
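Review bot: In "Update: check filter_var function exist", the comment above the changed condition still reads "if php version >= 5.2", but the test is now `function_exists('filter_var')`. That checks whether the filter extension is loaded, not the PHP version, so the comment misstates when the branch runs. I would change it to `// Use filter_var() when the filter extension is available`. `valid_ip()` continues outside the hunk.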
@@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(function_exists('filter_var')) + if (function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 8d263b02c56e25305621535e184333e8cdace9bd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 18:47:09 +0300 Subject: Suppress warnings generated by get_magic_quotes_gpc() (issue #467) --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f39371fb0..6f8442107 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b
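Review bot: In the `@@ -555,7 +555,7 @@` hunk, `@get_magic_quotes_gpc()` silences every diagnostic the call can raise, not only the warning from issue #467, and the call itself stays in place on runtimes that complain about it. Gating on the version avoids the call instead of hiding its output, for example `if ( ! is_php('5.4') AND get_magic_quotes_gpc())`. That assumes the warning comes from PHP 5.4 and later, where magic quotes were removed; the page does not say which version triggers it. `_clean_input_data()` starts and ends outside the hunk.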