qbi/additional_plugins
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
additional_plugins/serendipity_event_proxy_realip/serendipity_event_proxy_realip.php
kleinerChemiker adb12ffd9d 3 problems fixed 
1.0.1
----
# Vulnerability fixed.
# realip_var default fixed
# Fix when $realip_var not set
2013-06-22 17:08:14 +03:00

91 lines
3 KiB
PHP
Raw Blame History

<?php
if (IN_serendipity !== true) {
die("Don't hack!");
}
// Probe for a language include with constants. Still include defines later on, if some constants were missing
$probelang = dirname(__FILE__) . '/' . $serendipity['charset'] . 'lang_' . $serendipity['lang'] . '.inc.php';
if (file_exists($probelang)) {
include $probelang;
} else {
include dirname(__FILE__) . '/lang_en.inc.php';
}
class serendipity_event_proxy_realip extends serendipity_event {
var $title = PLUGIN_EVENT_PROXY_REALIP_NAME;
function introspect(&$propbag) {
global $serendipity;
$propbag->add('name', PLUGIN_EVENT_PROXY_REALIP_NAME);
$propbag->add('description', PLUGIN_EVENT_PROXY_REALIP_DESC);
$propbag->add('stackable', false);
$propbag->add('author', '<a href="http://blog.kleinerChemiker.net/" target="_blank">kleinerChemiker</a>');
$propbag->add('version', '1.0.1');
$propbag->add('requirements', array('serendipity' => '1.6.2', 'smarty' => '2.6.7', 'php' => '5.3.0'));
$propbag->add('groups', array('BACKEND_FEATURES'));
$propbag->add('event_hooks', array('frontend_configure' => true));
$conf_array = array();
$conf_array[] = 'realip_var';
$propbag->add('configuration', $conf_array);
}
function introspect_config_item($name, &$propbag) {
switch ($name) {
case 'realip_var' :
$propbag->add('type', 'string');
$propbag->add('name', PLUGIN_EVENT_PROXY_REALIP);
$propbag->add('description', PLUGIN_EVENT_PROXY_REALIP_VAR_DESC);
$propbag->add('validate', '/^\$[^;]+$/');
$propbag->add('default', '$_SERVER[\'X-FORWARDED-FOR\']');
break;
default :
$propbag->add('type', 'boolean');
$propbag->add('name', constant($name));
$propbag->add('description', sprintf(APPLY_MARKUP_TO, constant($name)));
$propbag->add('default', 'true');
}
return true;
}
function event_hook($event, &$bag, &$eventData, $addData = null) {
static $realip_var = NULL;
$hooks = &$bag->get('event_hooks');
if ($realip_var === null) {
$realip_var = $this->get_config('realip_var', '$_SERVER[\'X-FORWARDED-FOR\']');
$regex = '/^\$_(\w*) ?\[[\'"](\w*)[\'"]\]$/i';
preg_match($regex, $realip_var, $matches);
if (strtolower($matches[1]) == 'server') {
$tmp = $matches[2];
$realip_ip = filter_var($_SERVER[$tmp], FILTER_VALIDATE_IP);
} elseif (strtolower($matches[1]) == 'env') {
$tmp = $matches[2];
$realip_ip = filter_var($_ENV[$tmp], FILTER_VALIDATE_IP);
}
}
if (isset($hooks[$event])) {
switch ($event) {
case 'frontend_configure':
if ($realip_ip != FALSE) {
$_SERVER["REMOTE_ADDR"] = $realip_ip;
}
break;
default:
return false;
}
}
return false;
}
}
Reference in a new issue View git blame Copy permalink