safer IP address decryption (KU_RANDOMSEED)

2011-06-03 17:36:36 +10:00 · 2011-06-03 17:36:36 +10:00 · 6ce8812843
commit 6ce8812843
parent 399a5ab5d1
1 changed files with 8 additions and 1 deletions
--- a/kusabax.php
+++ b/kusabax.php
@ -188,7 +188,14 @@
 		}
 		
 		// IP
-		$query->bindValue(':ip', md5_decrypt($post['ip'], $kusabaxc['randomseed']), PDO::PARAM_STR);
+		$ip = md5_decrypt($post['ip'], $kusabaxc['randomseed']);
+		if(!preg_match('/^\d+\.\d+\.\d+\.\d+$/', $ip)) {
+			// Invalid IP address. Wrong KU_RANDOMSEED?
+			
+			$log[] = 'Invalid IP address returned after decryption. Wrong KU_RANDOMSEED?';
+			$ip = '0.0.0.0'; // just set it to something valid and continue
+		}
+		$query->bindValue(':ip', $ip, PDO::PARAM_STR);
 		
 		// Time (`timestamp`)
 		$query->bindValue(':time', $post['timestamp'], PDO::PARAM_INT);