- --- libraries/joomla/session/session.php.orig 2015-12-15 11:33:33.038861090 +0500
- +++ libraries/joomla/session/session.php 2015-12-15 11:37:50.990400875 +0500
- @@ -881,14 +881,8 @@
- }
- }
- - // Record proxy forwarded for in the session in case we need it later
- - if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- - {
- - $this->set('session.client.forwarded', $_SERVER['HTTP_X_FORWARDED_FOR']);
- - }
- -
- // Check for client address
- - if (in_array('fix_adress', $this->_security) && isset($_SERVER['REMOTE_ADDR']))
- + if(in_array('fix_adress', $this->_security) && isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) !== false)
- {
- $ip = $this->get('session.client.address');
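Review bot: The added `filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) !== false` term in the `fix_adress` condition makes the address check fail open. When REMOTE_ADDR does not validate, the whole block is skipped and, as far as the visible lines show, the method still reaches `return true`. If the pin should still be enforced, keep the original condition and reject inside the block, e.g. `if (filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) === false) { $this->_state = 'error'; return false; }`, or at least add a comment saying that skipping is intended. The new line also writes `if(` where the rest of the file uses `if (`. The block's body continues outside this hunk, so its mismatch handling is not visible here.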
- @@ -903,20 +897,10 @@
- }
- }
- - // Check for clients browser
- - if (in_array('fix_browser', $this->_security) && isset($_SERVER['HTTP_USER_AGENT']))
- - {
- - $browser = $this->get('session.client.browser');
- -
- - if ($browser === null)
- - {
- - $this->set('session.client.browser', $_SERVER['HTTP_USER_AGENT']);
- - }
- - elseif ($_SERVER['HTTP_USER_AGENT'] !== $browser)
- + // Record proxy forwarded for in the session in case we need it later
- + if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP) !== false)
- {
- - // @todo remove code: $this->_state = 'error';
- - // @todo remove code: return false;
- - }
- + $this->set('session.client.forwarded', $_SERVER['HTTP_X_FORWARDED_FOR']);
- }
- return true;
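Review bot: `FILTER_VALIDATE_IP` applied to the whole `HTTP_X_FORWARDED_FOR` value accepts only a single address, so a header carrying a comma-separated proxy chain is silently not recorded in `session.client.forwarded`. That is a reasonable default for a client-supplied header, but it should be stated above the condition, e.g. `// Client-supplied header: store only a single valid IP literal; lists and anything else are dropped.` This hunk also stops writing `session.client.browser`, so any code that reads that key (none is visible here) would now get null and should be checked. The enclosing method starts outside the hunk.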