Continues enhancing client_getIp method in client library with securi…

…ty check.
Dj1b · Nov 27, 2018 · a6d397a · a6d397a
1 parent 9a94ad8
commit a6d397a
Showing 1 changed file with 12 additions and 7 deletions.
diff --git a/engine/lib/tool/client.php.inc b/engine/lib/tool/client.php.inc
@@ -4,7 +4,7 @@
  * @details Engine / Tool Library
  * @file engine/lib/tool/client.php.inc
  * @author CaMykS Team <camyks.contact@gmail.com>
- * @version 1.0.46
+ * @version 1.0.47
  * @date Creation: Jun 2007
  * @date Modification: Nov 2018
  * @copyright 2007 - 2018 CaMykS Team
@@ -18,17 +18,22 @@
  */
 function client_getIp() {
     if (!empty($_SERVER['HTTP_CLIENT_IP']))
-        return $_SERVER['HTTP_CLIENT_IP'];
+        $ip = $_SERVER['HTTP_CLIENT_IP'];
     elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
-        return $_SERVER['HTTP_X_FORWARDED_FOR'];
+        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
     elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
-        return $_SERVER['HTTP_X_FORWARDED'];
+        $ip = $_SERVER['HTTP_X_FORWARDED'];
     elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
-        return $_SERVER['HTTP_FORWARDED_FOR'];
+        $ip = $_SERVER['HTTP_FORWARDED_FOR'];
     elseif(!empty($_SERVER['HTTP_FORWARDED']))
-        return $_SERVER['HTTP_FORWARDED'];
+        $ip = $_SERVER['HTTP_FORWARDED'];
     elseif(!empty($_SERVER['REMOTE_ADDR']))
-        return $_SERVER['REMOTE_ADDR'];
+        $ip = $_SERVER['REMOTE_ADDR'];
+    else
+        return '';
+
+    if (string_isValidIPv4($ip))
+        return $ip;
     return '';
 }