extra sanitzation

2018-04-25 18:19:49 +03:00
parent 2a147b81e5
commit 66dee6516a
2 changed files with 4 additions and 0 deletions
--- a/api.php
+++ b/api.php
@@ -72,6 +72,8 @@ OR OTHER DEALINGS IN THE SOFTWARE.
 require_once("include/init.inc.php");
 error_reporting(0);
 $ip=$_SERVER['REMOTE_ADDR'];
+$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
+
 if($_config['public_api']==false&&!in_array($ip,$_config['allowed_hosts'])){
    api_err("private-api");
 }
--- a/mine.php
+++ b/mine.php
@@ -30,6 +30,8 @@ set_time_limit(360);
 $q=$_GET['q'];

 $ip=$_SERVER['REMOTE_ADDR'];
+$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
+
 // in case of testnet, all IPs are accepted for mining
 if($_config['testnet']==false&&!in_array($ip,$_config['allowed_hosts'])) api_err("unauthorized");