Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-9091

Wrong IP checking for IPv4 addresses mapped into IPv6

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.0.8-RC1
    • 3.0.6
    • Sessions
    • None
    • PHP Environment: 5.2.6
      Database: MySQL 5.0.51

      I have updated from Debian 4 (etch) to Debian 5 (lenny), with a lot of upgrade (php, mysql, lighttpd, etc).

      The board, now, is able to see only IPv4-mapped address into IPv6. I'm not sure for what reason this happens (php? the web server?)

      The strong problem is that during the IP checking, the regex expressions don't detect an IPv4-mapped address.
      As a result, all users/bot connections come from localhost (127.0.0.1).

      You can imagine what a big issue is this. One for all, the ip-based ban filter stops to work.

      I have done a very simple patch I have deployed in a small-to-medium board (averaging ~30 users online).
      It seems to work fine.

      In the patch I suppose you perform the IP check against $_SERVER["REMOTE_ADDR"] only in session_begin() from includes/session.php.
      After that you use always the value stored in $session->ip.
      Is this assertion correct?

            bantu Andreas Fischer [X] (Inactive)
            devym devym
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: