SocialEngine 4: PHP warning: inet_pton():

|
Sunday,17 January 2016 06 00 AM

Andrew - SocialEngine

\Engine_IP::getRealRemoteAddress

Happily accepts anything as the client’s IP address from the $_SERVERglobal.

Malformed or malicious client requests thus can inject arbitrary strings into it, and as real life shows, they do supply strings like ‘unknown’ which causes the PHP warning mentioned in this issue’s title.

To fix this, edit the following file as below:  application/libraries/Engine/IP.php

 

--- a/web/application/libraries/Engine/IP.php
+++ b/web/application/libraries/Engine/IP.php
@@ -320,10 +320,12 @@
       $asIPv6 = self::$_preferIPv6;
     }

+    $address = filter_var($address, FILTER_VALIDATE_IP);
+
     if( $asIPv6 ) {
       return self::convertIPv4to6($address);
     } else {
       return $address;
     }
   }

 

SocialEngine will be adding this little modification into their next release so i am informed.

 

Looking for quality SocialEngine Hosting? Look no further than Arvixe Web Hosting

 

Tags: , , , , , | Posted under SocialEngine | RSS 2.0

Author Spotlight

Andrew Cross

Hi, I'm Andrew. A am a 26, ICT Administrator which offers support to company's around the South Wales Area. I have created a few social sites for myself and other company's. So far 2 out of 3 have been successful using the powerful SocialEngine Script. I continue to try and help the community of SocialEngine by giving Support and Technical Help where possible.
|
Personal Website

Leave a Reply

Your email address will not be published. Required fields are marked *