clientIP() update, data cleaning improvements

as per recent security warning, clientIP() could return other arbitrary data along with an IP address. This fix ensures only IP addresses can be returned by this function. darcs-hash:20060908122744-9b6ab-8c90ca361b038a47b65f3f3dbf7228ae569f8c08.gz

clientIP() update, data cleaning improvements
as per recent security warning, clientIP() could return other arbitrary data along with an IP address. This fix ensures only IP addresses can be returned by this function. darcs-hash:20060908122744-9b6ab-8c90ca361b038a47b65f3f3dbf7228ae569f8c08.gz
4ff28443 · chris · 8403b751 · 4ff28443
Commit 4ff28443 authored 18 years ago by chris
--- a/inc/common.php
+++ b/inc/common.php
@@ -495,9 +495,14 @@ function clientIP($single=false){

  // remove any non-IP stuff
  $cnt = count($ip);
+  $match = array();
  for($i=0; $i<$cnt; $i++){
    $ip[$i] = preg_replace('/[^0-9\.]+/','',$ip[$i]);
-    if(!preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/',$ip[$i])) $ip[$i] = '';
+    if(preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/',$ip[$i],$match)) {
+      $ip[$i] = $match[0];
+    } else {
+      $ip[$i] = '';
+    }
    if(empty($ip[$i])) unset($ip[$i]);
  }
  $ip = array_values(array_unique($ip));