In-Portal Issue Tracker


Viewing Issue Simple Details
ID: 0001317
Category: [In-Portal CMS] Front End
Type: bug report
Reproducibility: always
Date Submitted: 2012-06-11 08:15
Last Update: 2012-10-10 23:58
Reporter: alex
View Status: public
Project Name: In-Portal CMS
Assigned To: alex
Developer:
Priority: normal
Resolution: fixed
Fixed in Version: 5.2.1-B1
Status: resolved
Product Version: 5.1.3
Target Version: 5.2.1
Time Estimate: No estimate
Summary: 0001317: Allow to specify what IP address source to use
Description: Right now In-Portal always relies on the $_SERVER['REMOTE_ADDR'] variable to determine the client's IP address.

This does not work in all cases. For example, when behind an Amazon Web Services load balancer, the actual IP address is located in the $_SERVER['X_HTTP_FORWARDED_FOR'] variable.

Always relying on X_HTTP_FORWARDED_FOR and then on REMOTE_ADDR is a bad idea because an attacker could forge a fake IP to pass an IP-based check. To solve this I'm proposing to add a new configuration setting, where the user can select the preferred IP address source, with possible options:
* $_SERVER['X_HTTP_FORWARDED_FOR']
* getenv('X_HTTP_FORWARDED_FOR')
* $_SERVER['REMOTE_ADDR']
* getenv('REMOTE_ADDR')

Based on server configuration, some of these options might return an empty string instead of an IP address, and it's up to the user to choose what to use. By default we will use $_SERVER['REMOTE_ADDR'] for backward compatibility.
Additional Information: In the end, the method $this->Application->getIP() would return the correct value based on the configuration setting.

Since the IP address check can be performed before application initialization, this new setting must be added to the /system/config.php file instead of the SystemSettings database table. Of course, the install/upgrade wizard steps need to be updated to reflect that.
Tags No tags attached.
Reference https://groups.google.com/d/topic/in-portal-bugs/70sQKBByKY8/discussion
Change Log Message Improving IP address detection
Estimate Points 1
Attached Files improved_client_ip_detection_core.patch (16,764 bytes) 2012-10-10 08:22
improved_client_ip_detection_modules.patch (11,065 bytes) 2012-10-10 08:23
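
One way to implement the configurable IP source described in the issue, as an added example that is not In-Portal's own code; the function name, the source values and the trusted-proxy list are assumptions. It goes beyond the proposal by also requiring that the direct peer is a known proxy, and it reads the X-Forwarded-For request header from $_SERVER['HTTP_X_FORWARDED_FOR'], the key PHP uses for that header.

```php
<?php
// Added example, not In-Portal code. resolveClientIp(), its $source values and
// the trusted-proxy list are hypothetical names chosen for illustration.

/**
 * Resolve the client IP from the configured source.
 *
 * @param array    $server         Request data in the shape of $_SERVER.
 * @param string   $source         'REMOTE_ADDR' (default) or 'HTTP_X_FORWARDED_FOR'.
 * @param string[] $trustedProxies Addresses of proxies allowed to set the header.
 */
function resolveClientIp(array $server, string $source = 'REMOTE_ADDR', array $trustedProxies = []): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return ''; // no usable address from this source
    }

    // Honor the forwarded header only when configured AND the peer is a known proxy.
    if ($source !== 'HTTP_X_FORWARDED_FOR' || !in_array($peer, $trustedProxies, true)) {
        return $peer;
    }

    // Each proxy appends the address it saw, so walk from the right and stop at
    // the first hop that is not one of our own proxies. Entries further left
    // were supplied by the client and can be forged.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed or missing entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample request: the client sent its own X-Forwarded-For value
// (198.51.100.77) and the load balancer at 10.0.0.5 appended the address it saw.
$request = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.77, 203.0.113.9',
];

var_dump(resolveClientIp($request));                                       // default source
var_dump(resolveClientIp($request, 'HTTP_X_FORWARDED_FOR', ['10.0.0.5'])); // peer is a trusted proxy
var_dump(resolveClientIp($request, 'HTTP_X_FORWARDED_FOR', []));           // peer is not a proxy
```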

Notes
(0005215)
alex (manager)
2012-10-10 08:25

Will test all together later.

(0005216)
alex (manager)
2012-10-10 08:29

Fix committed to 5.2.x branch. Commit Message:

Fixes 0001317: Allow to specify what IP address source to use

(0005217)
alex (manager)
2012-10-10 08:31

Reminder sent to: Dmitry

Please check text added on "System Configuration" step for "Trust Proxy" setting.

Related Changesets
In-Portal CMS: 5.2.x r15569
Timestamp: 2012-10-10 08:29:39
Author: alex
Fixes 0001317: Allow to specify what IP address source to use
mod - /in-portal/branches/5.2.x/core/install/step_templates/sys_config.tpl
mod - /in-portal/branches/5.2.x/core/install/steps_db.xml
mod - /in-portal/branches/5.2.x/core/kernel/application.php
mod - /in-portal/branches/5.2.x/core/kernel/globals.php
mod - /in-portal/branches/5.2.x/core/kernel/managers/cache_manager.php
mod - /in-portal/branches/5.2.x/core/kernel/session/inp_session_storage.php
mod - /in-portal/branches/5.2.x/core/kernel/session/session_storage.php
mod - /in-portal/branches/5.2.x/core/kernel/utility/debugger.php
mod - /in-portal/branches/5.2.x/core/kernel/utility/http_query.php
mod - /in-portal/branches/5.2.x/core/kernel/utility/logger.php
mod - /in-portal/branches/5.2.x/core/units/forms/form_submissions/form_submissions_eh.php
mod - /in-portal/branches/5.2.x/core/units/helpers/deployment_helper.php
mod - /in-portal/branches/5.2.x/core/units/helpers/language_import_helper.php
mod - /in-portal/branches/5.2.x/core/units/helpers/rating_helper.php
mod - /in-portal/branches/5.2.x/core/units/helpers/spam_helper.php
mod - /in-portal/branches/5.2.x/core/units/logs/session_logs/session_log_eh.php
mod - /in-portal/branches/5.2.x/core/units/phrases/phrases_event_handler.php
mod - /in-portal/branches/5.2.x/core/units/reviews/reviews_event_handler.php
mod - /in-portal/branches/5.2.x/core/units/users/users_event_handler.php
mod - /in-portal/branches/5.2.x/core/units/visits/visits_event_handler.php

Modules :: In-Commerce: 5.2.x r15568
Timestamp: 2012-10-10 08:27:55
Author: alex
Bug 0001317: Allow to specify what IP address source to use
mod - /w/in-commerce/branches/5.2.x/units/downloads/download_helper.php
mod - /w/in-commerce/branches/5.2.x/units/gateways/gw_classes/atosorigin.php
mod - /w/in-commerce/branches/5.2.x/units/gateways/gw_classes/paybox.php
mod - /w/in-commerce/branches/5.2.x/units/gateways/gw_classes/paypal_direct.php
mod - /w/in-commerce/branches/5.2.x/units/gateways/gw_classes/rightconnect.php
mod - /w/in-commerce/branches/5.2.x/units/orders/orders_event_handler.php
mod - /w/in-commerce/branches/5.2.x/units/products/products_event_handler.php
mod - /w/in-commerce/branches/5.2.x/units/shipping_quote_engines/usps.php

Modules :: In-Bulletin: 5.2.x r15567
Timestamp: 2012-10-10 08:26:29
Author: alex
Bug 0001317: Allow to specify what IP address source to use
mod - /modules/in-bulletin/branches/5.2.x/units/poll_comments/poll_comment_eh.php
mod - /modules/in-bulletin/branches/5.2.x/units/polls/poll_eh.php
mod - /modules/in-bulletin/branches/5.2.x/units/polls/poll_tp.php
mod - /modules/in-bulletin/branches/5.2.x/units/posts/post_eh.php

Issue History
Date Modified Username Field Change
2012-10-10 23:58 Dmitry Target Version Icebox => 5.2.1
2012-10-10 08:31 alex Issue Monitored: Dmitry
2012-10-10 08:31 alex Note Added: 0005217
2012-10-10 08:29 alex Note Added: 0005216
2012-10-10 08:29 alex Status reviewed and tested => resolved
2012-10-10 08:29 alex Fixed in Version => 5.2.1-B1
2012-10-10 08:29 alex Resolution open => fixed
2012-10-10 08:29 alex Assigned To !COMMUNITY => alex
2012-10-10 08:29 alex Changeset attached 5.2.x r15569
2012-10-10 08:27 alex Changeset attached 5.2.x r15568
2012-10-10 08:26 alex Changeset attached 5.2.x r15567
2012-10-10 08:26 alex Changeset attached 5.2.x r15566
2012-10-10 08:25 alex Note Added: 0005215
2012-10-10 08:25 alex Status needs testing => reviewed and tested
2012-10-10 08:25 alex Assigned To => !COMMUNITY
2012-10-10 08:25 alex Developer => alex
2012-10-10 08:25 alex Status active => needs testing
2012-10-10 08:23 alex File Added: improved_client_ip_detection_modules.patch
2012-10-10 08:22 alex File Added: improved_client_ip_detection_core.patch
2012-06-11 08:15 alex New Issue
2012-06-11 08:15 alex Reference => https://groups.google.com/d/topic/in-portal-bugs/70sQKBByKY8/discussion
2012-06-11 08:15 alex Change Log Message => Improving IP address detection
2012-06-11 08:15 alex Estimate Points => 1


