
Bug #13182 Bad Regex in getUserIP
Submitted: 2008-02-23 20:56 UTC
From: datasage
Assigned: till
Status: Closed
Package: HTTP_FloodControl (version 0.1.1)
PHP Version: 5.2.3
OS: Freebsd
Roadmaps: (Not assigned)
 
 [2008-02-23 20:56 UTC] datasage (Dan Johansson)
Description:
------------
While it's not exactly valid usage, it is possible that a user may be configured with a NAT/cache system that will return only an internal IP for HTTP_X_FORWARDED_FOR. The regex should be limited to only localhost or invalid IPs, like this:

~^((0|255|127\.0)\.|unknown)~

Test script:
---------------
No test script needed

Comments

 [2011-03-27 19:53 UTC] till (Till Klampaeckel)
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: till

This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.

Yeah, it's incorrect behavior. I had my share of this at work and we included REMOTE_ADDR in checking even when HTTP_X_FORWARDED_FOR was set. Fixes virtually all issues for us and we don't have to 'allow' private networks which can lead to other issues.
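
The following PHP is an added example, not part of this report or of HTTP_FloodControl's code. It applies the pattern proposed in the report to the first X-Forwarded-For entry and, as one reading of the approach described in the last comment, always includes REMOTE_ADDR in the identifier used for counting. The function names, the `|` key format and the sample requests are assumptions.

```php
<?php
// Added example, not HTTP_FloodControl code. Function names are hypothetical.

// Pattern proposed in the report: matches only 0.x, 255.x, 127.0.x and "unknown".
const UNUSABLE_XFF = '~^((0|255|127\.0)\.|unknown)~';

/**
 * Returns the first X-Forwarded-For entry, or null when it is absent,
 * malformed, or matches the report's pattern.
 */
function usable_forwarded_for(array $server): ?string
{
    if (empty($server['HTTP_X_FORWARDED_FOR'])) {
        return null;
    }
    // The header may carry a comma-separated chain; take the first entry.
    $first = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    if (preg_match(UNUSABLE_XFF, $first)) {
        return null;
    }
    // Reject anything that is not a syntactically valid IP address.
    return filter_var($first, FILTER_VALIDATE_IP) !== false ? $first : null;
}

/**
 * Identifier for counting requests: REMOTE_ADDR is always part of it,
 * so a private or forged forwarded value never stands alone.
 */
function client_identifier(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? 'unknown';
    $forwarded = usable_forwarded_for($server);
    return $forwarded === null ? $remote : $remote . '|' . $forwarded;
}

// Constructed sample requests (documentation and private address ranges).
$samples = [
    ['REMOTE_ADDR' => '203.0.113.10'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.168.1.5'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.168.1.6'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.168.1.5'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => 'unknown'],
];

foreach ($samples as $s) {
    printf("%-14s xff=%-12s => %s\n", $s['REMOTE_ADDR'],
        $s['HTTP_X_FORWARDED_FOR'] ?? '-', client_identifier($s));
}
```

Because HTTP_X_FORWARDED_FOR is supplied by the client, a stricter policy counts on REMOTE_ADDR alone unless the request arrives from a proxy you operate.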