From 66dee6516a17daa0872b835a45f5a7ac4282f84a Mon Sep 17 00:00:00 2001
From: Arionum
Date: Wed, 25 Apr 2018 18:19:49 +0300
Subject: [PATCH] extra sanitzation
---
 api.php | 2 ++
 mine.php | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/api.php b/api.php
index d0b519a..545d20b 100755
--- a/api.php
+++ b/api.php
@@ -72,6 +72,8 @@ OR OTHER DEALINGS IN THE SOFTWARE.
 require_once("include/init.inc.php");
 error_reporting(0);
 $ip=$_SERVER['REMOTE_ADDR'];
+$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
+
 if($_config['public_api']==false&&!in_array($ip,$_config['allowed_hosts'])){
 api_err("private-api");
 }
diff --git a/mine.php b/mine.php
index d9ba799..641657f 100755
--- a/mine.php
+++ b/mine.php
@@ -30,6 +30,8 @@ set_time_limit(360); $q=$_GET['q']; $ip=$_SERVER['REMOTE_ADDR']; +$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE); + // in case of testnet, all IPs are accepted for mining if($_config['testnet']==false&&!in_array($ip,$_config['allowed_hosts'])) api_err("unauthorized");
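Review bot: filter_var() returns `false` for any private or reserved address, and that `false` is passed straight into the loose `in_array($ip,$_config['allowed_hosts'])` check, in the api.php hunk and again in the mine.php hunk. Under loose comparison `false` equals an empty or `"0"` entry, so a single blank value in allowed_hosts would let every filtered-out source through the allow-list, while a loopback or LAN address deliberately listed there can no longer match at all. Make the failure explicit and compare strictly, for example `if($ip===false) api_err("unauthorized");` followed by `in_array($ip,$_config['allowed_hosts'],true)`. When public_api is enabled (or testnet is on in mine.php) the `false` value continues past the check into code outside these hunks, so any later use of `$ip` there should be checked for a non-string value.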