Fix check_ip with invalid HTTP_X_FORWARDED_FOR.

author Florent Bruneau <florent.bruneau@polytechnique.org>

Wed, 29 Oct 2008 20:50:09 +0000 (21:50 +0100)

committer Florent Bruneau <florent.bruneau@polytechnique.org>

Wed, 29 Oct 2008 20:50:45 +0000 (21:50 +0100)
author Florent Bruneau <florent.bruneau@polytechnique.org>
Wed, 29 Oct 2008 20:50:09 +0000 (21:50 +0100)
committer Florent Bruneau <florent.bruneau@polytechnique.org>
Wed, 29 Oct 2008 20:50:45 +0000 (21:50 +0100)
diff --git a/include/security.inc.php b/include/security.inc.php

index 683dd10..64e3714 100644 (file)
--- a/include/security.inc.php
+++ b/include/security.inc.php
@@ -34,8 +34,13 @@ function check_ip($level)
              $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
          }
          $ips[] = $_SERVER['REMOTE_ADDR'];
-        foreach ($ips as &$ip) {
-            $ip = '(ip & mask) = (' . ip_to_uint($ip) . '& mask)';
+        foreach ($ips as $key=>$ip) {
+            $v = ip_to_uint($ip);
+            if (is_null($v)) {
+                unset($ips[$key]);
+            } else {
+                $ips[$key] = '(ip & mask) = (' . $v . '& mask)';
+            }
          }
          $res = XDB::query('SELECT  state, description
                               FROM  ip_watch
author	Florent Bruneau <florent.bruneau@polytechnique.org>
	Wed, 29 Oct 2008 20:50:09 +0000 (21:50 +0100)
committer	Florent Bruneau <florent.bruneau@polytechnique.org>
	Wed, 29 Oct 2008 20:50:45 +0000 (21:50 +0100)