sido/node
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

extra sanitzation

Browse Source
This commit is contained in:
Arionum
2018-04-25 18:19:49 +03:00
parent 2a147b81e5
commit 66dee6516a
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api.php
View File

@@ -72,6 +72,8 @@ OR OTHER DEALINGS IN THE SOFTWARE.
require_once("include/init.inc.php"); require_once("include/init.inc.php");
error_reporting(0); error_reporting(0);
$ip=$_SERVER['REMOTE_ADDR']; $ip=$_SERVER['REMOTE_ADDR'];
$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
if($_config['public_api']==false&&!in_array($ip,$_config['allowed_hosts'])){ if($_config['public_api']==false&&!in_array($ip,$_config['allowed_hosts'])){
api_err("private-api"); api_err("private-api");
} }

2
mine.php
View File

@@ -30,6 +30,8 @@ set_time_limit(360);
$q=$_GET['q']; $q=$_GET['q'];
$ip=$_SERVER['REMOTE_ADDR']; $ip=$_SERVER['REMOTE_ADDR'];
$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
// in case of testnet, all IPs are accepted for mining // in case of testnet, all IPs are accepted for mining
if($_config['testnet']==false&&!in_array($ip,$_config['allowed_hosts'])) api_err("unauthorized"); if($_config['testnet']==false&&!in_array($ip,$_config['allowed_hosts'])) api_err("unauthorized");