Fix SQL injection issue CVE-2013-3081
harveykane committed May 6, 2013
1 parent 9c000f9 commit 972757c
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions plugins/jojo_core/classes/Jojo.php
Expand Up @@ -2461,14 +2461,18 @@ static function checkEmailFormat($email)
/* Gets the IP address of the visitor, bypassing proxies */
static function getIp()
{
$ip = false;
if ( (getenv('HTTP_X_FORWARDED_FOR') != '') && (strtolower(getenv('HTTP_X_FORWARDED_FOR')) != 'unknown')) {
$iparray = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
return $iparray[0];
$ip = $iparray[0];
} elseif (getenv('REMOTE_ADDR') != '') {
return getenv('REMOTE_ADDR');
} else {
return false;
$ip = getenv('REMOTE_ADDR');
}
/* check IP is valid format */
if (preg_match('/\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b/', $ip)) {
return $ip;
}
return false;
}

/* reads the user agent string and gives the browser type - quick and simple detection */
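Review bot: the new `preg_match` at the end of this hunk is bounded only by `\b`, with no `^`/`$` anchors, so it succeeds on any string that merely contains a dotted-quad substring, and the function then returns the original, unmodified `$ip` rather than the matched portion; an `HTTP_X_FORWARDED_FOR` value such as `1.2.3.4' OR 1=1--` still passes, which undercuts the "Fix SQL injection issue" intent of the commit. Anchor the pattern (`/^...$/`) or replace it with `filter_var($ip, FILTER_VALIDATE_IP) !== false`, which also accepts IPv6 literals; as written the dotted-quad pattern makes `getIp()` return false for any IPv6 `REMOTE_ADDR`. The `/* check IP is valid format */` comment should also say that this is syntactic validation only and that callers must still escape or bind the value before it reaches SQL.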

2 comments on commit 972757c

@Hambrook
Contributor

Would you mind if I replaced your regexp with PHP Filter Validation (to use a "built-in" function)? Or is the regexp doing something extra?

We could even wrap it in Jojo::validateIP() or Jojo::sanitiseIP() to make it easier to use in other places too.
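As an added example, not code from Jojo CMS or from either commenter, the PHP below puts the regexp from commit 972757c beside the built-in `filter_var(FILTER_VALIDATE_IP)` on constructed inputs, and sketches a hypothetical `validateIP()` helper of the kind the comment above proposes (the helper name, its trimming step and the sample addresses are assumptions for illustration):

```php
<?php
// Added example, not code from Jojo CMS or from either commenter.
// Compares the unanchored regexp from commit 972757c with PHP's built-in
// filter_var(FILTER_VALIDATE_IP) on constructed inputs, and sketches a
// hypothetical validateIP() helper of the kind proposed in the comment above.

// Pattern copied from the commit: bounded by \b only, no ^ or $ anchors.
const COMMIT_IP_REGEXP =
    '/\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b/';

function regexpAccepts(string $ip): bool
{
    return preg_match(COMMIT_IP_REGEXP, $ip) === 1;
}

function filterAccepts(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP) !== false;
}

/* Hypothetical helper (assumed name, not part of Jojo): returns the address
   unchanged when it is a complete, syntactically valid IPv4 or IPv6 literal,
   otherwise false. Callers building SQL must still escape or bind the value. */
function validateIP($ip)
{
    if (!is_string($ip)) {
        return false;
    }
    $ip = trim($ip);  // X-Forwarded-For entries may carry surrounding spaces
    return filter_var($ip, FILTER_VALIDATE_IP) === false ? false : $ip;
}

// Constructed inputs; the second is the case an injection fix has to reject.
$samples = [
    '203.0.113.7',
    "203.0.113.7' OR 1=1--",
    '2001:db8::1',
    'unknown',
];

foreach ($samples as $s) {
    printf("%-28s regexp=%-5s filter_var=%-5s validateIP=%s\n",
        var_export($s, true),
        regexpAccepts($s) ? 'true' : 'false',
        filterAccepts($s) ? 'true' : 'false',
        var_export(validateIP($s), true));
}
```

Running it shows the difference the question is asking about: the committed regexp accepts `203.0.113.7' OR 1=1--` because `\b` matches at the quote after the last octet, while `filter_var` rejects it; conversely `filter_var` accepts the IPv6 literal that the dotted-quad regexp rejects. If IPv4-only behaviour is wanted, pass `FILTER_FLAG_IPV4` as the third argument to `filter_var`.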

@harveykane
Contributor Author

@harveykane harveykane commented on 972757c May 7, 2013 via email
