From 0339013b47a7c3019e5e0065dcdba5e1c49944fb Mon Sep 17 00:00:00 2001
From: nuxsmin
Date: Mon, 13 Mar 2017 12:01:08 +0100
Subject: [PATCH] * [FIX] Parse forwarded IP addresses when getting client IP address. Related #498
---
 inc/SP/Controller/MainController.class.php | 2 +-
 inc/SP/Log/Email.class.php | 2 +-
 inc/SP/Log/Log.class.php | 2 +-
 inc/SP/Mgmt/PublicLinks/PublicLink.class.php | 2 +-
 inc/SP/Util/Util.class.php | 31 +++++++++++++-------
 5 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/inc/SP/Controller/MainController.class.php b/inc/SP/Controller/MainController.class.php
index bfbb89761..9eb9aaf7d 100644
--- a/inc/SP/Controller/MainController.class.php
+++ b/inc/SP/Controller/MainController.class.php
@@ -607,7 +607,7 @@ public function getPublicLink()
 $Message = new NoticeMessage();
 $Message->setTitle(__('Enlace visualizado'));
 $Message->addDescription(sprintf('%s : %s', __('Cuenta'), $PublicLink->getItemId()));
- $Message->addDescription(sprintf('%s : %s', __('Origen'), Checks::demoIsEnabled() ? '*.*.*.*' : Util::getClientAddress()));
+ $Message->addDescription(sprintf('%s : %s', __('Origen'), Checks::demoIsEnabled() ? '*.*.*.*' : Util::getClientAddress(true)));
 $Message->addDescription(sprintf('%s : %s', __('Agente'), Request::getRequestHeaders('HTTP_USER_AGENT')));
 $Message->addDescription(sprintf('HTTPS : %s', Checks::httpsEnabled() ? 'ON' : 'OFF'));
diff --git a/inc/SP/Log/Email.class.php b/inc/SP/Log/Email.class.php
index 95c6f9c24..3d85c2cf8 100644
--- a/inc/SP/Log/Email.class.php
+++ b/inc/SP/Log/Email.class.php
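Review bot: Passing `true` at this call in getPublicLink() puts the whole `X-Forwarded-For` chain, which the client supplies, into the notice, and the same argument is added in Email::sendEmail(), Log::writeLog() and PublicLink::addLinkView() in the following hunks. Nothing visible bounds how many addresses the chain may carry, so the value handed to `$Data->addParam()` and `updateUseInfo()` can be far longer than a single address; whether the receiving columns can hold it is not visible here and should be checked. When the header is present the socket peer address is not recorded at all, although it is the only value the client cannot choose. I would record `$_SERVER['REMOTE_ADDR']` alongside the chain and cap the number of forwarded entries kept, with a comment such as `// forwarded chain is client-supplied: keep REMOTE_ADDR for audit`. All four enclosing functions start and end outside their hunks.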
@@ -61,7 +61,7 @@ public static function sendEmail(LogMessage $LogMessage, $mailTo = '', $isEvent
 if ($isEvent === true) {
 $performer = Session::getUserData()->getUserLogin() ?: __('N/D');
 $body[] = sprintf('%s: %s', Html::strongText(__('Acción')), $LogMessage->getAction(true));
- $body[] = sprintf('%s: %s (%s)', Html::strongText(__('Realizado por')), $performer, Util::getClientAddress());
+ $body[] = sprintf('%s: %s (%s)', Html::strongText(__('Realizado por')), $performer, Util::getClientAddress(true));
 $Mail->addCC(Config::getConfig()->getMailFrom());
 }
diff --git a/inc/SP/Log/Log.class.php b/inc/SP/Log/Log.class.php
index 48e711a8b..c22c89ee5 100644
--- a/inc/SP/Log/Log.class.php
+++ b/inc/SP/Log/Log.class.php
@@ -178,7 +178,7 @@ public function writeLog($resetDescription = false, $resetDetails = false)
 $Data->setQuery($query);
 $Data->addParam(Session::getUserData()->getUserLogin());
 $Data->addParam(Session::getUserData()->getUserId());
- $Data->addParam(Util::getClientAddress());
+ $Data->addParam(Util::getClientAddress(true));
 $Data->addParam(utf8_encode($this->LogMessage->getAction(true)));
 $Data->addParam($this->getLogLevel());
 $Data->addParam(utf8_encode($description));
diff --git a/inc/SP/Mgmt/PublicLinks/PublicLink.class.php b/inc/SP/Mgmt/PublicLinks/PublicLink.class.php
index 3848323af..338afcf67 100644
--- a/inc/SP/Mgmt/PublicLinks/PublicLink.class.php
+++ b/inc/SP/Mgmt/PublicLinks/PublicLink.class.php
@@ -67,7 +67,7 @@ class PublicLink extends PublicLinkBase implements ItemInterface
 public function addLinkView()
 {
 $this->itemData->addCountViews();
- $this->updateUseInfo(Util::getClientAddress());
+ $this->updateUseInfo(Util::getClientAddress(true));
 $Log = new Log();
 $LogMessage = $Log->getLogMessage();
diff --git a/inc/SP/Util/Util.class.php b/inc/SP/Util/Util.class.php
index cda9643f8..86b0ddc13 100644
--- a/inc/SP/Util/Util.class.php
+++ b/inc/SP/Util/Util.class.php
@@ -44,7 +44,7 @@ class Util
 /**
 * Generar una clave aleatoria
 *
- * @param int $length Longitud de la clave
+ * @param int $length Longitud de la clave
 * @param bool $useNumbers Usar números
 * @param bool $useSpecial Usar carácteres especiales
 * @param bool $checKStrength
@@ -247,10 +247,10 @@ public static function checkUpdates()
 /**
 * Obtener datos desde una URL usando CURL
 *
- * @param string $url
- * @param array $data
+ * @param string $url
+ * @param array $data
 * @param bool|null $useCookie
- * @param bool $weak
+ * @param bool $weak
 * @return bool|string
 * @throws SPException
 */
@@ -488,8 +488,8 @@ public static function getMaxUpload()
 * such as 'false','N','yes','on','off', etc.
 *
 * @author Samuel Levy
- * @param mixed $in The variable to check
- * @param bool $strict If set to false, consider everything that is not false to
+ * @param mixed $in The variable to check
+ * @param bool $strict If set to false, consider everything that is not false to
 * be true.
 * @return bool The boolean equivalent or null (if strict, and no exact equivalent)
 */
@@ -563,7 +563,7 @@ public static function getServerUrl()
 /**
 * Cast an object to another class, keeping the properties, but changing the methods
 *
- * @param string $class Class name
+ * @param string $class Class name
 * @param string|object $object
 * @return mixed
 * @link http://blog.jasny.net/articles/a-dark-corner-of-php-class-casting/
@@ -619,9 +619,9 @@ public static function traceLastCall($function = null)
 /**
 * Comprobar si un valor existe en un array de objetos
 *
- * @param array $objectArray
+ * @param array $objectArray
 * @param string $method
- * @param mixed $value
+ * @param mixed $value
 * @return bool
 */
 public static function checkInObjectArray(array $objectArray, $method, $value)
@@ -699,10 +699,19 @@ public static function getETA($startTime, $numItems, $totalItems)
 /**
 * Devolver la dirección IP del cliente
 *
+ * @param bool $fullForwarded Devolver la cadena de forward completa
 * @return string
 */
- public static function getClientAddress()
+ public static function getClientAddress($fullForwarded = false)
 {
- return Request::getRequestHeaders('X-Forwarded-For') ?: $_SERVER['REMOTE_ADDR'];
+ $forwarded = Request::getRequestHeaders('X-Forwarded-For');
+
+ if ($forwarded !== '') {
+ if (preg_match_all('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $forwarded, $matches)) {
+ return $fullForwarded ? implode(',', $matches[0]) : $matches[0][0];
+ }
+ }
+
+ return $_SERVER['REMOTE_ADDR'];
 }
 }
\ No newline at end of file
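Review bot: getClientAddress() trusts `X-Forwarded-For` from any peer, so in the new `if ($forwarded !== '')` branch a client that connects directly can choose the address that ends up in the event log and in public-link use info; the header should be read only when `$_SERVER['REMOTE_ADDR']` is a proxy the deployment has configured as trusted. The pattern `\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}` also accepts out-of-range octets such as a constructed `999.1.1.1`, finds matches inside longer tokens, and skips IPv6 entries, so an IPv6-only chain silently falls back to the proxy's address. With `$fullForwarded` false the leftmost match is returned, which is the entry furthest from the server and the easiest to forge. The comparison with `''` assumes Request::getRequestHeaders() returns an empty string for a missing header, which is not visible here. The fence below validates each comma-separated entry with `filter_var()`; the trusted-proxy check is left as a comment because no such setting appears in this patch.

```php
$forwarded = Request::getRequestHeaders('X-Forwarded-For');

// NOTE(review): honour the header only when REMOTE_ADDR is a configured trusted proxy.
if (is_string($forwarded) && $forwarded !== '') {
    $addresses = [];

    foreach (explode(',', $forwarded) as $entry) {
        $entry = trim($entry);

        // Accepts IPv4 and IPv6, rejects out-of-range octets and partial matches.
        if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
            $addresses[] = $entry;
        }
    }

    if (count($addresses) > 0) {
        return $fullForwarded ? implode(',', $addresses) : $addresses[0];
    }
}

// … unchanged: fallback to $_SERVER['REMOTE_ADDR'] …
```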