From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Wed, 29 Oct 2008 20:50:09 +0000 (+0100)
Subject: Fix check_ip with invalid HTTP_X_FORWARDED_FOR.
X-Git-Tag: xorg/0.10.0~60
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=a42116d3bbff95b7d5765cf6afb34c54c315d1e1;p=platal.git

Fix check_ip with invalid HTTP_X_FORWARDED_FOR.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

diff --git a/include/security.inc.php b/include/security.inc.php
index 683dd10..64e3714 100644
--- a/include/security.inc.php
+++ b/include/security.inc.php
@@ -34,8 +34,13 @@ function check_ip($level)
             $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         }
         $ips[] = $_SERVER['REMOTE_ADDR'];
-        foreach ($ips as &$ip) {
-            $ip = '(ip & mask) = (' . ip_to_uint($ip) . '& mask)';
+        foreach ($ips as $key=>$ip) {
+            $v = ip_to_uint($ip);
+            if (is_null($v)) {
+                unset($ips[$key]);
+            } else {
+                $ips[$key] = '(ip & mask) = (' . $v . '& mask)';
+            }
         }
         $res = XDB::query('SELECT  state, description
                              FROM  ip_watch