Hi all,
this is more question than real problem (I hope :)). I include this
script into my pages to log IPs of visitors (they are saved info txt
file and send to e-mail later):
function getIPadress()
{
if (isset($_SERVER["HTTP_CLIENT_IP"]))
{
return $_SERVER["HTTP_CLIENT_IP"];
}
elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
{
return $_SERVER["HTTP_X_FORWARDED_FOR"];
}
elseif (isset($_SERVER["HTTP_X_FORWARDED"]))
{
return $_SERVER["HTTP_X_FORWARDED"];
}
elseif (isset($_SERVER["HTTP_FORWARDED_FOR"]))
{
return $_SERVER["HTTP_FORWARDED_FOR"];
}
elseif (isset($_SERVER["HTTP_FORWARDED"]))
{
return $_SERVER["HTTP_FORWARDED"];
}
else
{
return $_SERVER["REMOTE_ADDR"];
}
}
// save log to txt
$fh = fopen($fileWithLog, 'a+') or die("Oups " . $fileWithLog ." !");
$IPAdress = getIPadress();
fwrite($fh, date('j.n.Y G:i:s') . $IPAdress . " (" .
gethostbyaddr($IPAdress) . ")\n");
fclose($fh);
...can this be some possible security risk (XSS or so..), becose I
does not check chars in IP adress and host name mainly. It is probably
crazy, but on the other side I think it isn't imposibble to use some
bad strings in host name.
Would you recommend use "$IPAdress = htmlspecialchars(getIPadress());"
or something like? Or is it nonsense?
Thx and excuse me, if this question is too stupid :(. Br, Mir R.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
