Merge pull request #4 from tymoteuszjozwiak/main

fix: prevent IP address from being taken from input
pull/5/head
to3k 2022-12-21 21:20:22 +01:00 zatwierdzone przez GitHub
commit d753931992
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
1 zmienionych plików z 14 dodań i 17 usunięć


@ -23,6 +23,19 @@
{
if($_POST['consent'] == "agree")
{
if($_SERVER['HTTP_CLIENT_IP'])
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
elseif($_SERVER['HTTP_X_FORWARDED_FOR'])
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
}
$message = "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
@ -30,7 +43,7 @@
<body>
<b>Submitter's address:</b> ".$email."<br>
<b>Submitter's name:</b> ".addslashes(strip_tags($_POST['form_name']))."<br>
<b>IP:</b> ".addslashes(strip_tags($_POST['ip']))."<br>
<b>IP:</b> ".$ip."<br>
<b>Message:</b><br>
".addslashes(strip_tags($_POST['form_message']))."
</body>
@ -54,19 +67,6 @@
else { $alert = 4; }
}
if($_SERVER['HTTP_CLIENT_IP'])
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
elseif($_SERVER['HTTP_X_FORWARDED_FOR'])
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
}
mysqli_close($mysqli);
//Change language
@ -306,9 +306,6 @@
?>
<div class="inputs">
<form method="post" action="">
<?php
echo "<input type=\"hidden\" name=\"ip\" value=\"".$ip."\" />";
?>
<input type="text" name="form_address" placeholder="Enter your e-mail address, so I can write you back" <?php echo "value=\"".addslashes(strip_tags($_POST['form_address']))."\""; ?> size="30"><br>
<input type="text" name="form_name" placeholder="Enter your name, so I know how to call you" <?php echo "value=\"".addslashes(strip_tags($_POST['form_name']))."\""; ?> size="30"><br>
<textarea name="form_message" placeholder="Type your message here..." size="30" rows="15"><?php echo addslashes(strip_tags($_POST['form_message'])); ?></textarea><br>
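Review bot: The address lookup that the first hunk appears to add (the +/- markers are lost, so this is read from the hunk counts) still prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are request headers the client sets, so the recorded IP stays sender-controlled even though the hidden `ip` field is gone. The second hunk then writes `$ip` into the HTML mail body with no escaping, where the old line at least passed the value through `strip_tags`, so markup in a header would reach the message. Unless the site sits behind a proxy whose header is known to be trustworthy, I would take only the socket address and validate it, `$ip = filter_var($_SERVER['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: 'unknown';`, and emit it as `htmlspecialchars($ip, ENT_QUOTES, 'UTF-8')`. The bare `if($_SERVER['HTTP_CLIENT_IP'])` test also reads an index that is normally unset, which raises a warning on PHP 8. The enclosing `if` block begins and ends outside the hunks shown.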