From 77fe80bb662649b6cc8c9f00e4448dee72b0fd48 Mon Sep 17 00:00:00 2001
From: Sei-Lisa <Sei-Lisa@users.noreply.github.com>
Date: Tue, 29 Aug 2017 03:21:09 +0200
Subject: [PATCH] Hot fix for settings.php (#27)

* Hot fix for settings.php

It's failing whenever there's more than 1 chunk.

Fixes #25.

* Escape $ip_packed.

It can contain arbitrary binary characters, so it needs escaping.
---
 php/settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/settings.php b/php/settings.php
index e686d74..27131fa 100755
--- a/php/settings.php
+++ b/php/settings.php
@@ -76,7 +76,7 @@ else if(isset($_REQUEST['w'])){ // write to a record
 	$given_webkey = mysqli_real_escape_string($link, $_REQUEST['w']);
 	
 	$ip_address = $_SERVER['REMOTE_ADDR'];
-	$ip_packed = inet_pton($ip_address);
+	$ip_packed = mysqli_real_escape_string($link, inet_pton($ip_address));
 	
 	if(!isValidGuid($given_webkey)){
 		echo "INVALID WEBKEY";
@@ -124,7 +124,7 @@ else if(isset($_REQUEST['w'])){ // write to a record
 				}
 			}
 			else{ // an existing webkey
-				if(!isAllowedIP($_SERVER['REMOTE_HOST'])){
+				if(!isAllowedIP($ip_address)){
 					$response = "BAD IP";
 				}
 				else{