AriasCreations/AVsitter
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Hot fix for settings.php (#27)

Browse source 
* Hot fix for settings.php

It's failing whenever there's more than 1 chunk.

Fixes #25.

* Escape $ip_packed.

It can contain arbitrary binary characters, so it needs escaping.
This commit is contained in:
Sei-Lisa 2017-08-29 03:21:09 +02:00 committed by codeviolet
parent 705ac02889
commit 77fe80bb66
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
php/settings.php
View file

@ -76,7 +76,7 @@ else if(isset($_REQUEST['w'])){ // write to a record
$given_webkey = mysqli_real_escape_string($link, $_REQUEST['w']); $given_webkey = mysqli_real_escape_string($link, $_REQUEST['w']);
$ip_address = $_SERVER['REMOTE_ADDR']; $ip_address = $_SERVER['REMOTE_ADDR'];
$ip_packed = inet_pton($ip_address); $ip_packed = mysqli_real_escape_string($link, inet_pton($ip_address));
if(!isValidGuid($given_webkey)){ if(!isValidGuid($given_webkey)){
echo "INVALID WEBKEY"; echo "INVALID WEBKEY";
@ -124,7 +124,7 @@ else if(isset($_REQUEST['w'])){ // write to a record
} }
} }
else{ // an existing webkey else{ // an existing webkey
if(!isAllowedIP($_SERVER['REMOTE_HOST'])){ if(!isAllowedIP($ip_address)){
$response = "BAD IP"; $response = "BAD IP";
} }
else{ else{